Report - offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik

Report Overview

Submitted URL
offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik
IP
18.228.72.89
ASN
#16509 AMAZON-02
Submitted
2023-03-25 22:23:25
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
3
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
checkout.jumpmobile.com.br	unknown	2022-07-20T06:09:44Z	2023-03-28T03:42:40Z	404 B	418 B	15.197.162.153
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-29T05:44:04Z	385 B	51 kB	142.250.74.168
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-29T06:01:47Z	376 B	21 kB	142.250.74.78
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-29T05:09:03Z	782 B	2.4 kB	35.241.9.150
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-29T05:09:04Z	2.7 kB	5.6 kB	216.58.211.3
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-29T09:59:29Z	522 B	578 B	142.250.74.163
auth3.tim.com.br	418444	2017-02-22T20:54:50Z	2023-03-29T21:08:27Z	404 B	751 B	45.60.65.22
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-29T05:09:32Z	606 B	127 B	54.186.87.181
www.timpromos.com.br	140429	2016-06-28T13:11:23Z	2023-03-29T18:12:24Z	4.6 kB	46 kB	91.241.94.8
offdeck.jumpmobile.com.br	710628	2022-07-20T06:09:46Z	2023-03-28T03:42:39Z	3.8 kB	66 kB	54.232.233.188
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-29T05:09:31Z	333 B	391 B	34.117.237.239
ocsp.r2m01.amazontrust.com	unknown	2022-10-12T22:43:53Z	2023-03-29T09:11:41Z	700 B	2.0 kB	54.230.80.227
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-29T05:09:12Z	3.2 kB	50 kB	34.120.237.76
analytics-br-tim.securewebfraud.io	unknown	2022-06-26T04:48:09Z	2023-03-25T23:23:08Z	423 B	330 B	91.220.208.18
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-29T09:08:31Z	617 B	598 B	173.194.221.154
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-29T05:09:11Z	2.4 kB	6.2 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-29T05:09:31Z	413 B	5.9 kB	34.160.144.191
www.google.com	7	2015-05-10T13:11:19Z	2023-03-29T05:55:56Z	523 B	578 B	142.250.74.164
region1.google-analytics.com	unknown	2022-03-17T12:26:33Z	2023-03-29T05:15:25Z	846 B	450 B	216.239.32.36

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-25 22:23:30	low	91.241.94.8	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-03-25 22:23:30	low	91.241.94.8	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-03-25 22:23:30	low	91.241.94.8	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtm.js?id=GTM-K3HVTMM	133 kB	2023-03-29	2023-03-29
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-K3HVTMM IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 22:37:58 Last Seen2023-03-29 22:37:58 Times Seen2 Hash 207893605b4bc0326f57e8981b5dc2d1 34235885d2d5ad15d383e18d33bc352c0ded2707 1e643892335625f47c6f21ebef1ad1ed4afe3522846b1f5f1b147d1065bf93c7 Loading...

	www.googletagmanager.com/gtag/destination?id=G-Z2QSK4XKQP&l=dataLayer&cx=c	234 kB	2023-03-29	2023-03-29
Pretty URL www.googletagmanager.com/gtag/destination?id=G-Z2QSK4XKQP&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 22:37:58 Last Seen2023-03-29 22:37:58 Times Seen1 Hash ed6b17f9897eb4c551f92bd64b1327f8 2c659add86dd826e27698d4a33871bffd9c0afca adbf54a98bc6e03672a9868a337d2f9747490bd924365163add4646c9b4ef640 Loading...

	www.googletagmanager.com/gtag/js?id=G-Z2QSK4XKQP&l=dataLayer&cx=c	229 kB	2023-03-29	2023-03-29
Pretty URL www.googletagmanager.com/gtag/js?id=G-Z2QSK4XKQP&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 22:37:58 Last Seen2023-03-29 22:37:58 Times Seen1 Hash ed0b8e0474ff4d089173d9f166f5c1a9 4c4811e43c0682f6a86b5736ecb0be030a528e3d dd97408d22eefd29923f2da38980e217410c10efb9a52bf6e2c2827327bbd1af Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW	131 kB	2023-03-29	2023-03-29
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 22:37:58 Last Seen2023-03-29 22:37:58 Times Seen1 Hash 23e726d93d2fe9a0812c6293472e6620 fc44da2f183d7dcbe5c2b8fdcee448cd54551c6e ff2f2b25db2b60729627d6d49684f76ce41db9062576449391c3f6c0314f2a71 Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW	181 B	2023-03-13	2023-05-31
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 05:02:14 Last Seen2023-05-31 03:29:52 Times Seen27 Hash 29011aeeaa73cfed05b716cfce5cdbcb 94aec08bae001d90698e46a9ce862722e0caf44a d77edfd12db899c0adbcdd45a869951c54a88babc16a8ae67d443c32f34d6c5e Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW	910 B	2023-03-07	2023-10-21
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:38 Last Seen2023-10-21 04:16:40 Times Seen242 Hash f68c373e37316f35bea482bd64481d75 6f1aef952c8b7e8d3899bffb83002c3c9b8aa7dc 78f68ab1a0e2c3cd5717ecb6f5a4e7d80575abb13e661b72b4ed360af988187e Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW	56 B	2023-03-07	2024-04-21
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:38 Last Seen2024-04-21 21:46:29 Times Seen324 Hash e633aa08ae12366911d8e26c62df0ac7 a16f61cc6d9dbd371d1111eaff9b8e9ab3532ad7 4d9920d1b0a027e9d1e7994912dede5626a56cef010170b15fb45edc85f882ed Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW	75 B	2023-03-07	2024-04-21
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:38 Last Seen2024-04-21 21:46:29 Times Seen653 Hash 219540904c0178c788f7876c475cf695 34be8b20e8abc01ba107bb54f70c2319511043b7 328ca9901193cec5051c6c7fe1404faf85e4ce1cfed2d9bb7bc429a8573d90ca Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW	548 B	2023-03-13	2023-05-31
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 05:02:14 Last Seen2023-05-31 03:29:52 Times Seen27 Hash 73446065541f7540f8ca4167db1149e8 8734d0798ff8584f9ffd9c945b34ba8eb63750fb 651c457b4c466537d4806340408614416a31376f2014b81531cc0cf8c0c594b3 Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW	1.3 kB	2023-03-07	2024-04-21
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:38 Last Seen2024-04-21 21:46:29 Times Seen646 Hash 32107fcc1984fa62bea9d7dbbf932c08 ea6c30a9630a580a1656fb7360431afaf7bd9416 984649f7580993dc5ffefe351760e74f630f271d6593c7dde254f044a5fd4380 Loading...

HTTP Transactions (48)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5d9435c884bf4a0777fdf4b57079ae09
7f04b9db47ffeec90ac6397416b7553e5336a550
fe77420ec3a11f547cf5172b68d30faa4fe0c13165ae305f0013b02914e61084

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE77420EC3A11F547CF5172B68D30FAA4FE0C13165AE305F0013B02914E61084"
Last-Modified: Sat, 25 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15288
Expires: Sun, 26 Mar 2023 02:38:02 GMT
Date: Sat, 25 Mar 2023 22:23:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfd491ebe7381221b3674c2c8bf9e566
d2ac5badf17f348c28a52e9db10e6eb80e5a231a
34a026664386054b0b73c36cd1ddfce023551ee41963df0e38248bac1e1eb56c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34A026664386054B0B73C36CD1DDFCE023551EE41963DF0E38248BAC1E1EB56C"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17327
Expires: Sun, 26 Mar 2023 03:12:01 GMT
Date: Sat, 25 Mar 2023 22:23:14 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Mar 2023 22:15:29 GMT
content-type: application/json
age: 465
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1313ee2f06606d09c45b06ff9e8e1001
285ca89d1d3ea45d35832bc6d9827f834b3bfe21
63463447d29550c3734f621be02ec85290fbdf4612f79f9fad7e94f7e066dcb0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63463447D29550C3734F621BE02EC85290FBDF4612F79F9FAD7E94F7E066DCB0"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4780
Expires: Sat, 25 Mar 2023 23:42:54 GMT
Date: Sat, 25 Mar 2023 22:23:14 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: jfadarT9/t/m3YjURJD6B4l3M4pzcYdRmYWO++sZ+X6sX32ggOOFsyBRy7peW6H3BDLRFP9CAUI7VqGXCTeFfA==
x-amz-request-id: F050W5HD82HRS4CG
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Mar 2023 22:00:57 GMT
age: 1338
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik

54.232.233.188

301 Moved Permanently

134 B

URL HTTP/1.1
offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik
IP
54.232.233.188:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
134 B (134 bytes)
Hash
4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

HTTP Headers

GET /prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Sat, 25 Mar 2023 22:23:14 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://offdeck.jumpmobile.com.br:443/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 22:23:14 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Mar 2023 22:14:33 GMT
age: 522
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
717ebcc65cb1390c2509851bac7b5878
1e04e3058329f3809bc01022d441172dcacc1aaa
3c8d41efe14dc75e001ce50aae65e133d90bcb2e2f86b2426cefe7abe4c7b588

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C8D41EFE14DC75E001CE50AAE65E133D90BCB2E2F86B2426CEFE7ABE4C7B588"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8716
Expires: Sun, 26 Mar 2023 00:48:31 GMT
Date: Sat, 25 Mar 2023 22:23:15 GMT
Connection: keep-alive

ocsp.r2m01.amazontrust.com/

54.230.80.227

200 OK

471 B

URL HTTP/1.1
ocsp.r2m01.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
fae26745ac2bb4779b884dadafbb02e5
b5c7e072561ee07a58b561883d7aea5c16c0e96e
81d81564fcd7352fa0cfba50cdbf77429addb1288486c0e43f4072195b70345b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143760
Date: Sat, 25 Mar 2023 22:23:15 GMT
Etag: "641f02e3-1d7"
Expires: Mon, 27 Mar 2023 14:19:15 GMT
Last-Modified: Sat, 25 Mar 2023 14:19:15 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hf56_nG2JYaEdbMuZBe_WeUQU2yd_C_cxoCxfs5qT8dRI11bGXOW_w==

push.services.mozilla.com/

54.186.87.181

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.186.87.181:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FbcosvM9m4jUWhOJFn0eiw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wO7L6hlmvhYqMh5i3s0fIOJUgNI=

offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik

54.232.233.188

302 Found

0 B

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik
IP
54.232.233.188:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
date: Sat, 25 Mar 2023 22:23:15 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: http://checkout.jumpmobile.com.br/c/usercheck?s=1FF224902D5C49AF87802707C5F934BE
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
X-Firefox-Spdy: h2

checkout.jumpmobile.com.br/c/usercheck?s=1FF224902D5C49AF87802707C5F934BE

15.197.162.153

307 Temporary Redirect

0 B

URL HTTP/1.1
checkout.jumpmobile.com.br/c/usercheck?s=1FF224902D5C49AF87802707C5F934BE
IP
15.197.162.153:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/usercheck?s=1FF224902D5C49AF87802707C5F934BE HTTP/1.1
Host: checkout.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 307 Temporary Redirect
Date: Sat, 25 Mar 2023 22:23:16 GMT
Content-Length: 0
Connection: keep-alive
Location: http://www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW
Set-Cookie: sessionId=1FF224902D5C49AF87802707C5F934BE;Version=1
Server: Jetty(9.3.15.v20161220)

www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW

91.241.94.8

200 OK

43 kB

URL HTTP/1.1
www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW
IP
91.241.94.8:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62428)
Size
43 kB (43269 bytes)
Hash
2f3bb10441cb682d7d018452c4478fe9
de244fcafdb4b101e8c565ac469628d328beb8e1
a17b8ab789fb10c913349076e1e1a1a6e2a8bbbe66c83a33a4552f0c167e97cd

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW HTTP/1.1
Host: www.timpromos.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 22:23:16 GMT
Cache-Control: no-cache, private
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
X-Varnish: 432524413
Age: 0
Via: 1.1 varnish (Varnish/6.0)
X-Cache: MISS
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Set-Cookie: ng_session=eyJpdiI6IjNPbXAvdG5SYmV2cG94akJUVVBEOUE9PSIsInZhbHVlIjoiU3dMYVVqR3E3V0IvcTRHeDNyTW1UZTN6OEVzRk5iUnBZbFdoSHpHdnZObFBmZm16dXh4K2JNRUlnTXRkaGZDL29tcGZFVk85L1NWd3dSTjRRd28xdTA0cnE1SEpFZzdqZlNJZTNDQ2xwS09xV01IM1ZzOVpBQmFEYkNIN2VtaU8iLCJtYWMiOiI4MDZjZmRlODRiYzRjY2Q3Y2I5OGE3YWUxMTNlY2QyYTk1ZjQ5ZGZlNGVlZjgxNGUzNGU5OTJkOGIxN2UxMzdjIiwidGFnIjoiIn0%3D; expires=Sun, 26-Mar-2023 04:23:16 GMT; Max-Age=21600; path=/; httponly; samesite=lax
ctxid=eyJpdiI6IkFydkFabGhmMGJxQm9uOG56K0FvckE9PSIsInZhbHVlIjoib0VNRmI5VyttSlVPbGo2ZnhrTmJ6enZrODdvYWovc2dWMjNOR1l5ZDhxbElwYVBQVUZxdXRoSmp1TURaaGd0UUdmUUluUDI3T1dvR3diZGpLS2pCejVoSTNyUGR1OG84MHdGQUNWOVlsS1k9IiwibWFjIjoiNTE3ZWVmOTJmODkwZjM4MjkwMTM1N2Y1MzNhNmRmMDFhZmU3MTI4MWI1YzE4ZTFjY2Q5YTY4NDgyMWQ0MjFmOCIsInRhZyI6IiJ9; expires=Tue, 22-Mar-2033 22:23:16 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
rd=deleted; expires=Fri, 25-Mar-2022 22:23:15 GMT; Max-Age=0; path=/; httponly; samesite=lax
userSessionID=eyJpdiI6InZ2Vkc0Z2NEMGtLL094WDJ2Zk9McHc9PSIsInZhbHVlIjoiRkVuUnJUSkx5bCtGNERZRTVSNSt5c2ZsMTNnNEN0UGhSWnR6K1NORlU0N0dFUTdYTlQ0Njk2ajBITU9uTW1nbG9WcTR2N252dGw2UTkyTFNZaW5XY2c4WjZkZUlxTWhaWk5Ick9oZE9lV1U9IiwibWFjIjoiYmNlMzViNDI2MTUzNTBmYjliY2JjNjBiNTllY2IwZjkyY2E4NDM2NDU1NThmNTcwNzllMDJhMmIxMGYyNjljMiIsInRhZyI6IiJ9; expires=Sat, 25-Mar-2023 22:53:16 GMT; Max-Age=1800; path=/; httponly; samesite=lax
userPermID=eyJpdiI6IndMbEZyV2tOQlpyajV0OWUyalJwQkE9PSIsInZhbHVlIjoiOFA3emc2VHg5c2J1bUVndlc3VVZZY1dIVm54cjN6S3YxY0g1V0JXT3kyTjBrRnV4UVJWeFRwSDkraUVyK3grTVZyNENKVElDdzBUeXVtdHczQlBKZzJtemRvYVhMMlRsZTRPYkJIQ1oxTjQ9IiwibWFjIjoiZmNmNjUxM2NjOTQxMzdiMjdlZDg0Zjg4OWVkODEyY2FiYjc5MjQyNjJhNjQ2ZjZjOTkzZWJkMGU2YjRiMDRhZiIsInRhZyI6IiJ9; expires=Tue, 22-Mar-2033 22:23:16 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
TS01c950bd=01b02e3e8983e6ea6bfd8022cae15c688442c9b818cce3d4146805f270f49395ed30d0339d6001701f758c75030d173c67cbb37979; Path=/; Domain=.www.timpromos.com.br
Keep-Alive: timeout=5, max=1000
Connection: Keep-Alive
Transfer-Encoding: chunked

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11251
Expires: Sun, 26 Mar 2023 01:30:48 GMT
Date: Sat, 25 Mar 2023 22:23:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11251
Expires: Sun, 26 Mar 2023 01:30:48 GMT
Date: Sat, 25 Mar 2023 22:23:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11251
Expires: Sun, 26 Mar 2023 01:30:48 GMT
Date: Sat, 25 Mar 2023 22:23:17 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb3b49ab-f78e-4860-8aae-369eacfe43e3.jpeg

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb3b49ab-f78e-4860-8aae-369eacfe43e3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9486 bytes)
Hash
6530dbbc16d84b7047fa4bc66364fbf4
a53e0919923151e009e12010c60acb5a9175d37e
e64a2699e763d75a068ee6ceafd4eb2a1922488dc2e052699fb4242f0bf20524

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb3b49ab-f78e-4860-8aae-369eacfe43e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9486
x-amzn-requestid: b0324b5e-303e-485a-ae57-c001378aa401
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW2eRHjaoAMF74w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f6ac1-27f002da252bd7ee19802f3d;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:42:25 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: V-lhHgr1lyxVF9XaxHQ6abgEwVC_llAl8opmQ8qKJ7Ee76HWSP1ZoA==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 22:08:53 GMT
age: 864
etag: "a53e0919923151e009e12010c60acb5a9175d37e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.0 kB (4000 bytes)
Hash
85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: I3GuoZ4ZxAtz0sKe3wrW67aitLlCAbaZkiPw23fl0F3FoumJDEnXiQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 05:56:24 GMT
age: 59213
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75161517-cef9-4f1d-98e1-296b5088de2a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7882 bytes)
Hash
9ff8bb94dc368c89ab13dfcfe312e5cd
7819408faa7e232c57bf448d78cf00e7f98469f6
2a04de377d0d4c7cd4a720420806e3f7a872290fad006ef6a172b86d7c249378

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75161517-cef9-4f1d-98e1-296b5088de2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7882
x-amzn-requestid: cdb6c312-e4b1-41e4-a13e-723f8628961d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW3M0G_3oAMFpWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f6beb-37ff37b35f2de72b6faf0bf9;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:47:23 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 36IijBFVCfKpOEcor_pSyo94rbX4Ym1SD_XbGZIoY16BLfcALXcS1w==
via: 1.1 ba490acb2ea716cd57876286ed686786.cloudfront.net (CloudFront), 1.1 1570d93226c1bbca2ebaad510cff3e0c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 22:08:53 GMT
etag: "7819408faa7e232c57bf448d78cf00e7f98469f6"
content-type: image/jpeg
age: 864
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd27448b3-5d7d-4249-939a-22a55ff03bfc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5916 bytes)
Hash
4079fe41a14c57ac6160bdb654f6ef64
99d9cd4a1d423d776284f2d638763ebe33e247ad
218e38cf89853672bb8b24c1c53d58092a75827fb9f7aad02c8e4bbc02d44325

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd27448b3-5d7d-4249-939a-22a55ff03bfc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5916
x-amzn-requestid: 86502622-4d93-4767-a7ab-b963bfc9900b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1kUHgjoAMFmug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f694e-069ef5781ce60e9821010204;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:36:14 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: r9nGZ_sMvuN7uuq8utQofWNeZtbpZfPWOzrNkaBYrmWCV5KUtGzK4w==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:37:07 GMT
age: 2770
etag: "99d9cd4a1d423d776284f2d638763ebe33e247ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9e781aa-3802-4cf5-a484-251a54be7c3b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7156 bytes)
Hash
6ca6091f5f9efa5c7a2e171b1c1538eb
32f01282a1c9e7db058c85e92a1228d498988ac2
9befacd1e0f1f863b1290e9742979a62ece98feff88f7cc3db57f4497ea96a49

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9e781aa-3802-4cf5-a484-251a54be7c3b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7156
x-amzn-requestid: 4c7fa12f-7a53-4960-bcf2-e88ccda4ea12
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1uTGq2IAMFY9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f698e-381360a95cc2762d499e2839;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:37:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 9CXL22uAnmLM15tpB3yS-cgRugdZre0cgBqhnsDrdxDp-xvFzy7A4g==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:37:18 GMT
etag: "32f01282a1c9e7db058c85e92a1228d498988ac2"
content-type: image/jpeg
age: 2759
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F381b1b42-2394-4e4e-bb0a-986511a19bd1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9124 bytes)
Hash
8dc799aaa2f69ef1109501a605dbdcfd
58cefa986d580ee408fbca288e3e45ba86fb97ac
54fa967d6b96b456416c62140a4eb9b6cda29b80d5083b5d1321b1fb89b3455f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F381b1b42-2394-4e4e-bb0a-986511a19bd1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9124
x-amzn-requestid: 30a39bb7-d3cc-473a-a5f9-4921367832c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1kUESiIAMFVEQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f694e-6c9bb97512fc3c8a3ecedc43;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:36:14 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: _4VxID1v_auG0Vuzp87FJoPbgJovhYYYa1fpzQZze51I6HwFKbja6w==
via: 1.1 6af36c6902a46beec743522a9bbb3ab0.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:37:20 GMT
age: 2757
etag: "58cefa986d580ee408fbca288e3e45ba86fb97ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.r2m01.amazontrust.com/

54.230.80.227

200 OK

471 B

URL HTTP/1.1
ocsp.r2m01.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
fae26745ac2bb4779b884dadafbb02e5
b5c7e072561ee07a58b561883d7aea5c16c0e96e
81d81564fcd7352fa0cfba50cdbf77429addb1288486c0e43f4072195b70345b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143758
Date: Sat, 25 Mar 2023 22:23:17 GMT
Etag: "641f02e3-1d7"
Expires: Mon, 27 Mar 2023 14:19:15 GMT
Last-Modified: Sat, 25 Mar 2023 14:19:15 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: s8HgskGot84BhkchORSxqMyfTerEuWfL9N-Rka2mD5sHdRue7kShsg==

offdeck.jumpmobile.com.br/prouser/taplingo/tim/css/

54.232.233.188

200 OK

3.4 kB

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/css/
IP
54.232.233.188:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
3.4 kB (3426 bytes)
Hash
08a77650246fbbab17f83c15713d79c9
08c4849acd7f03ceee96c95b2cdf3be577d99b37
7e28c236869355471ce54cb16993984fb1c5266ec0b479b4fa11b422b73fd0f0

HTTP Headers

GET /prouser/taplingo/tim/css/ HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:17 GMT
content-type: text/css;charset=UTF-8
content-length: 3426
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.timpromos.com.br/security-platform-web/web/v1/content/view/Confirmation/br_tim/AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E

91.241.94.8

200

51 B

URL HTTP/1.1
www.timpromos.com.br/security-platform-web/web/v1/content/view/Confirmation/br_tim/AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E
IP
91.241.94.8:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
51 B (51 bytes)
Hash
49cdc214849d5ced018d230677b14076
0e75513436e6b01963759f6a88282445ff2e5b3a
7455bacb03f7ef04d79010638db14d8434cf7a349914c2ee99eb5d4220338675

HTTP Headers

GET /security-platform-web/web/v1/content/view/Confirmation/br_tim/AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E HTTP/1.1
Host: www.timpromos.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW
Cookie: ng_session=eyJpdiI6IjNPbXAvdG5SYmV2cG94akJUVVBEOUE9PSIsInZhbHVlIjoiU3dMYVVqR3E3V0IvcTRHeDNyTW1UZTN6OEVzRk5iUnBZbFdoSHpHdnZObFBmZm16dXh4K2JNRUlnTXRkaGZDL29tcGZFVk85L1NWd3dSTjRRd28xdTA0cnE1SEpFZzdqZlNJZTNDQ2xwS09xV01IM1ZzOVpBQmFEYkNIN2VtaU8iLCJtYWMiOiI4MDZjZmRlODRiYzRjY2Q3Y2I5OGE3YWUxMTNlY2QyYTk1ZjQ5ZGZlNGVlZjgxNGUzNGU5OTJkOGIxN2UxMzdjIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6IkFydkFabGhmMGJxQm9uOG56K0FvckE9PSIsInZhbHVlIjoib0VNRmI5VyttSlVPbGo2ZnhrTmJ6enZrODdvYWovc2dWMjNOR1l5ZDhxbElwYVBQVUZxdXRoSmp1TURaaGd0UUdmUUluUDI3T1dvR3diZGpLS2pCejVoSTNyUGR1OG84MHdGQUNWOVlsS1k9IiwibWFjIjoiNTE3ZWVmOTJmODkwZjM4MjkwMTM1N2Y1MzNhNmRmMDFhZmU3MTI4MWI1YzE4ZTFjY2Q5YTY4NDgyMWQ0MjFmOCIsInRhZyI6IiJ9; userSessionID=eyJpdiI6InZ2Vkc0Z2NEMGtLL094WDJ2Zk9McHc9PSIsInZhbHVlIjoiRkVuUnJUSkx5bCtGNERZRTVSNSt5c2ZsMTNnNEN0UGhSWnR6K1NORlU0N0dFUTdYTlQ0Njk2ajBITU9uTW1nbG9WcTR2N252dGw2UTkyTFNZaW5XY2c4WjZkZUlxTWhaWk5Ick9oZE9lV1U9IiwibWFjIjoiYmNlMzViNDI2MTUzNTBmYjliY2JjNjBiNTllY2IwZjkyY2E4NDM2NDU1NThmNTcwNzllMDJhMmIxMGYyNjljMiIsInRhZyI6IiJ9; userPermID=eyJpdiI6IndMbEZyV2tOQlpyajV0OWUyalJwQkE9PSIsInZhbHVlIjoiOFA3emc2VHg5c2J1bUVndlc3VVZZY1dIVm54cjN6S3YxY0g1V0JXT3kyTjBrRnV4UVJWeFRwSDkraUVyK3grTVZyNENKVElDdzBUeXVtdHczQlBKZzJtemRvYVhMMlRsZTRPYkJIQ1oxTjQ9IiwibWFjIjoiZmNmNjUxM2NjOTQxMzdiMjdlZDg0Zjg4OWVkODEyY2FiYjc5MjQyNjJhNjQ2ZjZjOTkzZWJkMGU2YjRiMDRhZiIsInRhZyI6IiJ9; TS01c950bd=01b02e3e8983e6ea6bfd8022cae15c688442c9b818cce3d4146805f270f49395ed30d0339d6001701f758c75030d173c67cbb37979

HTTP/1.1 200 
Date: Sat, 25 Mar 2023 22:23:18 GMT
Cache-Control: no-store, private
Content-Disposition: attachment; filename="pixel"
Pragma: no-cache
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 51
Keep-Alive: timeout=5, max=999
Connection: Keep-Alive
Access-Control-Allow-Origin: *

analytics-br-tim.securewebfraud.io/web/v1/content/view/Confirmation/br_tim/AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E

91.220.208.18

200

51 B

URL HTTP/1.1
analytics-br-tim.securewebfraud.io/web/v1/content/view/Confirmation/br_tim/AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E
IP
91.220.208.18:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
51 B (51 bytes)
Hash
49cdc214849d5ced018d230677b14076
0e75513436e6b01963759f6a88282445ff2e5b3a
7455bacb03f7ef04d79010638db14d8434cf7a349914c2ee99eb5d4220338675

HTTP Headers

GET /web/v1/content/view/Confirmation/br_tim/AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E HTTP/1.1
Host: analytics-br-tim.securewebfraud.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.timpromos.com.br/

HTTP/1.1 200 
Date: Sat, 25 Mar 2023 22:23:18 GMT
Cache-Control: no-store, private
Content-Disposition: attachment; filename="pixel"
Pragma: no-cache
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 51
Keep-Alive: timeout=2, max=1000
Connection: Keep-Alive

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e6775cb573aaee995c89d41b6be93723
cad165485f34023136370b32999077f4928c68c5
c14056ae20c7cd552209571a3430df2711ec94a5f8ee42c1693a3bf2d04b30ce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-K3HVTMM

142.250.74.168

200 OK

51 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-K3HVTMM
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2206)
Size
51 kB (50793 bytes)
Hash
af18e1ea8bb9081000bac9fbd2fb5b34
9cf5b3d38dca2d3b7cc3a2d5b3da9f00c43d81ed
55577ba224189836b35e7473880570434f7a5eb38fe7a754e1ff903678568059

HTTP Headers

GET /gtm.js?id=GTM-K3HVTMM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Mar 2023 22:23:18 GMT
expires: Sat, 25 Mar 2023 22:23:18 GMT
cache-control: private, max-age=900
last-modified: Sat, 25 Mar 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50793
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e6775cb573aaee995c89d41b6be93723
cad165485f34023136370b32999077f4928c68c5
c14056ae20c7cd552209571a3430df2711ec94a5f8ee42c1693a3bf2d04b30ce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.timpromos.com.br/security-platform-web/api/v1/beacon/retrieve?secureSessionId=AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E

91.241.94.8

200

0 B

URL HTTP/1.1
www.timpromos.com.br/security-platform-web/api/v1/beacon/retrieve?secureSessionId=AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E
IP
91.241.94.8:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /security-platform-web/api/v1/beacon/retrieve?secureSessionId=AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E HTTP/1.1
Host: www.timpromos.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW
Cookie: ng_session=eyJpdiI6IjNPbXAvdG5SYmV2cG94akJUVVBEOUE9PSIsInZhbHVlIjoiU3dMYVVqR3E3V0IvcTRHeDNyTW1UZTN6OEVzRk5iUnBZbFdoSHpHdnZObFBmZm16dXh4K2JNRUlnTXRkaGZDL29tcGZFVk85L1NWd3dSTjRRd28xdTA0cnE1SEpFZzdqZlNJZTNDQ2xwS09xV01IM1ZzOVpBQmFEYkNIN2VtaU8iLCJtYWMiOiI4MDZjZmRlODRiYzRjY2Q3Y2I5OGE3YWUxMTNlY2QyYTk1ZjQ5ZGZlNGVlZjgxNGUzNGU5OTJkOGIxN2UxMzdjIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6IkFydkFabGhmMGJxQm9uOG56K0FvckE9PSIsInZhbHVlIjoib0VNRmI5VyttSlVPbGo2ZnhrTmJ6enZrODdvYWovc2dWMjNOR1l5ZDhxbElwYVBQVUZxdXRoSmp1TURaaGd0UUdmUUluUDI3T1dvR3diZGpLS2pCejVoSTNyUGR1OG84MHdGQUNWOVlsS1k9IiwibWFjIjoiNTE3ZWVmOTJmODkwZjM4MjkwMTM1N2Y1MzNhNmRmMDFhZmU3MTI4MWI1YzE4ZTFjY2Q5YTY4NDgyMWQ0MjFmOCIsInRhZyI6IiJ9; userSessionID=eyJpdiI6InZ2Vkc0Z2NEMGtLL094WDJ2Zk9McHc9PSIsInZhbHVlIjoiRkVuUnJUSkx5bCtGNERZRTVSNSt5c2ZsMTNnNEN0UGhSWnR6K1NORlU0N0dFUTdYTlQ0Njk2ajBITU9uTW1nbG9WcTR2N252dGw2UTkyTFNZaW5XY2c4WjZkZUlxTWhaWk5Ick9oZE9lV1U9IiwibWFjIjoiYmNlMzViNDI2MTUzNTBmYjliY2JjNjBiNTllY2IwZjkyY2E4NDM2NDU1NThmNTcwNzllMDJhMmIxMGYyNjljMiIsInRhZyI6IiJ9; userPermID=eyJpdiI6IndMbEZyV2tOQlpyajV0OWUyalJwQkE9PSIsInZhbHVlIjoiOFA3emc2VHg5c2J1bUVndlc3VVZZY1dIVm54cjN6S3YxY0g1V0JXT3kyTjBrRnV4UVJWeFRwSDkraUVyK3grTVZyNENKVElDdzBUeXVtdHczQlBKZzJtemRvYVhMMlRsZTRPYkJIQ1oxTjQ9IiwibWFjIjoiZmNmNjUxM2NjOTQxMzdiMjdlZDg0Zjg4OWVkODEyY2FiYjc5MjQyNjJhNjQ2ZjZjOTkzZWJkMGU2YjRiMDRhZiIsInRhZyI6IiJ9; TS01c950bd=01b02e3e8983e6ea6bfd8022cae15c688442c9b818cce3d4146805f270f49395ed30d0339d6001701f758c75030d173c67cbb37979

HTTP/1.1 200 
Date: Sat, 25 Mar 2023 22:23:18 GMT
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Keep-Alive: timeout=5, max=998
Connection: Keep-Alive
Access-Control-Allow-Origin: *

offdeck.jumpmobile.com.br/prouser/taplingo/tim/header/

54.232.233.188

200 OK

234 B

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/header/
IP
54.232.233.188:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
234 B (234 bytes)
Hash
cc160afb27685807b41ec5fe29db1c08
f76fa2c371cf87fe3fc2c5c70bca7ce7018cb05a
76e4c70d262f73e9d822908a9e435ae891daf97493b53ca027ea58c2a7b56956

HTTP Headers

GET /prouser/taplingo/tim/header/ HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:18 GMT
content-type: text/html; charset=UTF-8
content-length: 234
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
x-frame-options: allow-from http://auth3.tim.com.br/
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

offdeck.jumpmobile.com.br/prouser/taplingo/tim/footer/

54.232.233.188

200 OK

357 B

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/footer/
IP
54.232.233.188:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
357 B (357 bytes)
Hash
860dbd50a412d73e09a685597cc23459
c18867fd61ed6c526f8a14a22f9f297b9b9e5515
aa358b227501939cf749bf56e4566f49499b5f13e4e4438e2c678df1e051a1cc

HTTP Headers

GET /prouser/taplingo/tim/footer/ HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:18 GMT
content-type: text/html; charset=UTF-8
content-length: 357
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
x-frame-options: allow-from http://auth3.tim.com.br/
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/bg.png

54.232.233.188

200 OK

6.3 kB

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/bg.png
IP
54.232.233.188:0
ASN
#16509 AMAZON-02

File type
PNG image data, 395 x 698, 8-bit/color RGBA, non-interlaced\012- data
Size
6.3 kB (6332 bytes)
Hash
98a6b2fed5d4c43b68d84d3d42f84f7e
3974191efeeace9ca2937d465a6af3e8f95121dd
bf991152257a91ba3a9fb0319d5b580148369650310e938b9c5a2bfb6bf31fac

HTTP Headers

GET /prouser/taplingo/tim/images/bg.png HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/css/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:18 GMT
content-type: image/png
content-length: 6332
server: Apache/2.4.38 (Debian)
last-modified: Sat, 19 Mar 2022 00:28:49 GMT
etag: "18bc-5da8758cfb240"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.78

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 25 Mar 2023 22:05:11 GMT
expires: Sun, 26 Mar 2023 00:05:11 GMT
cache-control: public, max-age=7200
age: 1088
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5716bd17f0cc1d649bcba4a6400ad0fa
752def7b1cf7d2f2e8213b28cb17f93e1015d333
ef78bd37975cc2a43c78562c8fcd9977f92a2ef525b87cfcef89f114f28eac3b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&gjid=1039078428&_gid=1637007602.1679783013&_u=YCDAgEABAAAAAEAAI~&z=1122296904

173.194.221.154

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&gjid=1039078428&_gid=1637007602.1679783013&_u=YCDAgEABAAAAAEAAI~&z=1122296904
IP
173.194.221.154:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&gjid=1039078428&_gid=1637007602.1679783013&_u=YCDAgEABAAAAAEAAI~&z=1122296904 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.timpromos.com.br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://www.timpromos.com.br
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 25 Mar 2023 22:23:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5716bd17f0cc1d649bcba4a6400ad0fa
752def7b1cf7d2f2e8213b28cb17f93e1015d333
ef78bd37975cc2a43c78562c8fcd9977f92a2ef525b87cfcef89f114f28eac3b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/footer.png

54.232.233.188

200 OK

9.2 kB

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/footer.png
IP
54.232.233.188:0
ASN
#16509 AMAZON-02

File type
PNG image data, 395 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
9.2 kB (9159 bytes)
Hash
ee016d74f31893d53abe00745a623884
22156ecac466c0042b2c0274338d3b7ac5c41328
b5ce00dc7f8a7fc2d0caaf2836b9380741baa74cf28abfe46d130bfe918c40e5

HTTP Headers

GET /prouser/taplingo/tim/images/footer.png HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/footer/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:19 GMT
content-type: image/png
content-length: 9159
server: Apache/2.4.38 (Debian)
last-modified: Sat, 19 Mar 2022 00:28:49 GMT
etag: "23c7-5da8758cfb240"
accept-ranges: bytes
X-Firefox-Spdy: h2

offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/header.png

54.232.233.188

200 OK

44 kB

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/header.png
IP
54.232.233.188:0
ASN
#16509 AMAZON-02

File type
PNG image data, 371 x 271, 8-bit/color RGBA, non-interlaced\012- data
Size
44 kB (43907 bytes)
Hash
fbfc13255d88a6dc8f97c851256cf6a2
0b9ee7207a0f23b72d09efebbe0da2cc8ad1375b
a30dba0eedff8c59660e537579869c711d63fe002dd2649ac9fcb4bb55ae1b02

HTTP Headers

GET /prouser/taplingo/tim/images/header.png HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/header/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:19 GMT
content-type: image/png
content-length: 43907
server: Apache/2.4.38 (Debian)
last-modified: Sat, 19 Mar 2022 00:28:49 GMT
etag: "ab83-5da8758cfb240"
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ef8608ef03d2e48c9cd6b665e8b3a946
894e7d4897dabb155138a7cbad323943c0c95122
b1a0d70bdae876e192cb4b9ba7c7f8fb7064ef3796a5d48e14c7b014789f63c8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6bac14ff70f1fb910e47debdd40434da
c2ce59c6cae9af589143a911a086f35db830654d
670d54ab31df749a0b913c0d490e3b1cf835aff2df965d7b6522c6e9ad3d6be2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&_u=YCDAgEABAAAAAEAAI~&z=2075994415

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&_u=YCDAgEABAAAAAEAAI~&z=2075994415
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&_u=YCDAgEABAAAAAEAAI~&z=2075994415 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 22:23:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&_u=YCDAgEABAAAAAEAAI~&z=2075994415

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&_u=YCDAgEABAAAAAEAAI~&z=2075994415
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&_u=YCDAgEABAAAAAEAAI~&z=2075994415 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 22:23:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ef8608ef03d2e48c9cd6b665e8b3a946
894e7d4897dabb155138a7cbad323943c0c95122
b1a0d70bdae876e192cb4b9ba7c7f8fb7064ef3796a5d48e14c7b014789f63c8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7e3ff6b78faf64b75d13e5e4c390f7c5
1ec395988633a280be5876ea74b91b994ca88bda
470501dd8e4cb351f2b3effe7507b9582758ecf492d587545f740c13527289d4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

region1.google-analytics.com/g/collect?v=2&tid=G-Z2QSK4XKQP&gtm=45je33m0&_p=782494748&cid=1828691068.1679783013&ul=en-us&sr=1280x1024&_s=1&sid=1679783013&sct=1&seg=0&dl=http%3A%2F%2Fwww.timpromos.com.br%2FPTS%2Fredirect%3Fappid%3D14559%26serviceProvider%3Dprouser%26requestId%3D1FF224902D5C49AF87802707C5F934BE%26campaign%3D58%26clickID%3D193tz8e97gik%26trafficSource%3DTECHFLOW%26publisher%3DTECHFLOW&dt=&en=OTA_Taplingo_Wifi_Users&_fv=1&_nsi=1&_ss=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-Z2QSK4XKQP&gtm=45je33m0&_p=782494748&cid=1828691068.1679783013&ul=en-us&sr=1280x1024&_s=1&sid=1679783013&sct=1&seg=0&dl=http%3A%2F%2Fwww.timpromos.com.br%2FPTS%2Fredirect%3Fappid%3D14559%26serviceProvider%3Dprouser%26requestId%3D1FF224902D5C49AF87802707C5F934BE%26campaign%3D58%26clickID%3D193tz8e97gik%26trafficSource%3DTECHFLOW%26publisher%3DTECHFLOW&dt=&en=OTA_Taplingo_Wifi_Users&_fv=1&_nsi=1&_ss=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-Z2QSK4XKQP&gtm=45je33m0&_p=782494748&cid=1828691068.1679783013&ul=en-us&sr=1280x1024&_s=1&sid=1679783013&sct=1&seg=0&dl=http%3A%2F%2Fwww.timpromos.com.br%2FPTS%2Fredirect%3Fappid%3D14559%26serviceProvider%3Dprouser%26requestId%3D1FF224902D5C49AF87802707C5F934BE%26campaign%3D58%26clickID%3D193tz8e97gik%26trafficSource%3DTECHFLOW%26publisher%3DTECHFLOW&dt=&en=OTA_Taplingo_Wifi_Users&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.timpromos.com.br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: http://www.timpromos.com.br
date: Sat, 25 Mar 2023 22:23:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

auth3.tim.com.br/OTP/css/TIM-Login-styles-sheet.css

45.60.65.22

200 OK

0 B

URL HTTP/2
auth3.tim.com.br/OTP/css/TIM-Login-styles-sheet.css
IP
45.60.65.22:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /OTP/css/TIM-Login-styles-sheet.css HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:18 GMT
server: Apache
last-modified: Thu, 04 May 2017 03:57:51 GMT
etag: "f8065-539a-54eaac6d7edc0"
accept-ranges: bytes
content-type: text/css
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91fb4o20101; expires=Sat, 25-Mar-2023 23:23:18 GMT; path=/; Httponly; Secure
visid_incap_2787765=AoMmX5KFQNOqFyicFxGDQEd0H2QAAAAAQUIPAAAAAACr8W7LStRwDnKvtKf/Un/w; expires=Sat, 23 Mar 2024 22:50:10 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_276_2787765=MiWWJbH93R+Kizv4Lo3UA1V0H2QAAAAAk4W66mFfkP7Lyr5zOhS1zw==; path=/; Domain=.tim.com.br
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 5-14075371-14075373 NNYN CT(257 777 0) RT(1679782996030 18) q(0 0 10 0) r(13 13) U24
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML