r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14358
Expires: Wed, 08 Feb 2023 06:04:24 GMT
Date: Wed, 08 Feb 2023 02:05:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13025
Expires: Wed, 08 Feb 2023 05:42:11 GMT
Date: Wed, 08 Feb 2023 02:05:06 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 01:34:11 GMT
content-type: application/json
age: 1855
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8873
Expires: Wed, 08 Feb 2023 04:32:59 GMT
Date: Wed, 08 Feb 2023 02:05:06 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 9fIeBQPn2lF6yM9IGY+G7ikvFv/cB6+iOWb3FX9GR4HJTu4cpdoe7M4A8eRnmbPddyhu/s5xtLk=
x-amz-request-id: 253GMPCP35YPSCY3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 01:35:44 GMT
age: 1762
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:05:06 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 01:51:19 GMT
age: 827
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc1d233f69ae2256cc3c85df679065a1
e1f82f9aa96f0f7f1e44186a1472a6d77b87ba5d
8a93e3b345478785f73fba7476ce282273da62dec537cb8440d5950b31e5b323
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8A93E3B345478785F73FBA7476CE282273DA62DEC537CB8440D5950B31E5B323"
Last-Modified: Tue, 07 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 08 Feb 2023 08:05:06 GMT
Date: Wed, 08 Feb 2023 02:05:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11214
Expires: Wed, 08 Feb 2023 05:12:00 GMT
Date: Wed, 08 Feb 2023 02:05:06 GMT
Connection: keep-alive
promouber-br.com/
200.58.111.23200 OK 6.8 kB IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1958)
Hash 7d00b55e2bf445f15d337d48c136b720
6c498adfe04ead3df36ac2070532cb3862a8cd2a
707b508754486d6c96a46f4b6e8987bdc8f557de33ef64a27be8f4ab5b356f1f
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET / HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "6d50-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 6840
content-type: text/html
date: Wed, 08 Feb 2023 02:05:06 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 325a8a10ce2837a8c6820e30572d181c
195d6189f0f10fcb301fce3af4c27028bbcb9eaa
2f1a0e948582fa64266617acc77e9beb71c5031d9cffe1bed1393a554f259810
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.13.249.229101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.13.249.229:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pT5PSwBVv89MOID0dZcHog==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: f5WBThEchLdSpABY9+D2Yx2Mj5E=
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
142.250.74.138200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (32061)
Hash b90b3d2618cce9d766152cd3092b5c27
496339457cd00caab8118e2e1f30ea18dc05b9f4
b7b155aa8c6b5db28f9a6b41e88c96e9462c196c700add426f8ef32c9ce1ed41
GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 22:44:56 GMT
expires: Wed, 07 Feb 2024 22:44:56 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 12011
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 325a8a10ce2837a8c6820e30572d181c
195d6189f0f10fcb301fce3af4c27028bbcb9eaa
2f1a0e948582fa64266617acc77e9beb71c5031d9cffe1bed1393a554f259810
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
promouber-br.com/uber_files/linkid.js.transferir
200.58.111.23200 OK 852 B URL HTTP/2 promouber-br.com/uber_files/linkid.js.transferir
IP 200.58.111.23:0
File type ASCII text, with very long lines (1335)
Hash 2c9c1e44353bad2e6b729ad8674710e4
d00b7ce9bc66f3e76a107ae6f137727fa5995791
c1968f88dfb5ce136d3362a784a98f1972ce3cac12f7c06a3d599e180257d0a0
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/linkid.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "621-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 852
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/new-sign-up.458a0c8ef6cc46b42de1ab885b9f5574.css
200.58.111.23200 OK 2.4 kB URL HTTP/2 promouber-br.com/uber_files/new-sign-up.458a0c8ef6cc46b42de1ab885b9f5574.css
IP 200.58.111.23:0
File type ASCII text, with very long lines (9182), with no line terminators
Hash e1a287aa8ba7f2611cab7d42b5a93156
1441eb8c3818e5be80c0f05486591ae9e5961229
ce06f48ae6ea6110bc8f3cde32d922d19ba2548e2125546d11b096a7f5e4890e
Analyzer Verdict Alert openphish Uber
GET /uber_files/new-sign-up.458a0c8ef6cc46b42de1ab885b9f5574.css HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "23de-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2431
content-type: text/css
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/superfine.css
200.58.111.23200 OK 19 kB URL HTTP/2 promouber-br.com/uber_files/superfine.css
IP 200.58.111.23:0
File type ASCII text, with very long lines (65445)
Hash d71d10bb35d04f284e2c9e2eaeeba1ed
bf7325a11feff443ef95135e97d87eae4b68b046
971534af2f862d1d7909f6fa8435da1a245d5dc9102302041f76764728c895c9
Analyzer Verdict Alert openphish Uber
GET /uber_files/superfine.css HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "1d8a6-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 18991
content-type: text/css
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/uwt.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/uwt.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/uwt.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/ec.js.transferir
200.58.111.23200 OK 1.3 kB URL HTTP/2 promouber-br.com/uber_files/ec.js.transferir
IP 200.58.111.23:0
File type ASCII text, with very long lines (523)
Hash a8e8bf3cc037dd861e63342a8f8a9f35
78a9a9e7240df05b7f7804fb960ab5cf410bee6a
3ed87ac15a9a6275c4982fdc15247cb4c0f924b072d47de037c31a3aacf70646
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/ec.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "adb-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1292
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.578.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.578.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.578.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.651.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.651.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.651.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.627.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.627.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.627.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.v.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.v.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.v.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.590.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.590.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.590.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.876.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.876.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.876.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.756.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.756.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.756.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.871.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.871.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.871.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/analytics.js.transferir
200.58.111.23200 OK 12 kB URL HTTP/2 promouber-br.com/uber_files/analytics.js.transferir
IP 200.58.111.23:0
File type ASCII text, with very long lines (1618)
Hash 68e40bf3a67b2781593f420e1c3cd3f8
72a56c72ea0aefc973d6f340902c38a329b4eaff
2f39d04039e9a366c130816247c974202fb5dc06cd50376428d25b5893adfb5a
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/analytics.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "7577-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 12358
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.557.js.transferir
200.58.111.23200 OK 1.4 kB URL HTTP/2 promouber-br.com/uber_files/utag.557.js.transferir
IP 200.58.111.23:0
File type ASCII text, with very long lines (1418)
Hash 9d84f140d32bee08c91e9bec95f233d1
03281935e4aa20f696d9722dd638efc9191728b2
bf3c0e88976bdac4ba968bf5c4c0ba6ab8bf5de5932878c57e6c4bd6cfde63f0
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.557.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "b27-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1406
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.44.js.transferir
200.58.111.23200 OK 5.5 kB URL HTTP/2 promouber-br.com/uber_files/utag.44.js.transferir
IP 200.58.111.23:0
File type ASCII text, with very long lines (2227)
Hash 0d798b05e35b253d7edeb313c25dd9bd
56ad463ca6a29036d581208b4bd5abe8e0c99033
778b0601f0903747ac45201d91e1dbe9e87c1b1055860bf761686b2677261cfc
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.44.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "585c-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5497
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.872.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.872.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.872.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.830.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.830.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.830.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.727.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.727.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.727.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/mobile_availability_helper.6102e89d43feecbf9237d530a3c92cab.js.transferir
200.58.111.23200 OK 936 B URL HTTP/2 promouber-br.com/uber_files/mobile_availability_helper.6102e89d43feecbf9237d530a3c92cab.js.transferir
IP 200.58.111.23:0
File type ASCII text, with very long lines (2344)
Hash deb8740cd206cf177259f74cde1008b3
595efadd6e3c8f1a2938dee70a4a56881c409443
b71d5ffe62ffd6c1db0d356d96be3b96c8a72921623eaabf1e470530e2cade78
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/mobile_availability_helper.6102e89d43feecbf9237d530a3c92cab.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "985-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 936
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/api.js.transferir
200.58.111.23200 OK 407 B URL HTTP/2 promouber-br.com/uber_files/api.js.transferir
IP 200.58.111.23:0
File type ASCII text, with very long lines (702), with no line terminators
Hash fd80b7306b38138e62ebc30a899ceca0
cfc0b7d1453cd2c78c9724402c481ea3ef82397c
8d49280597ab8f48560d673351f8ae56805a2cf0e63d44286b5ab192f78648cc
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/api.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "2be-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 407
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.945.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.945.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.945.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/2593.js.transferir
200.58.111.23200 OK 4.1 kB URL HTTP/2 promouber-br.com/uber_files/2593.js.transferir
IP 200.58.111.23:0
File type C source, ASCII text, with very long lines (10278), with no line terminators
Hash 47cfe865af73dfaf5cba65e22c446326
0433df70d396c0be435a83f0a6e7d37f416aa9fd
44f33edbd70e71289e6f785946f07ae77c1ebe8aa4858edd7f67b3369193a299
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/2593.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "2826-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4071
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/conversion_async.js.transferir
200.58.111.23200 OK 4.8 kB URL HTTP/2 promouber-br.com/uber_files/conversion_async.js.transferir
IP 200.58.111.23:0
File type ASCII text, with very long lines (1719)
Hash dcaa74faf2b636be0233bca4b292f651
f8e67a82bb9a0ec8cf3b26fe9d3e2ac2b693fc4b
e664392edea2a938c9b4fe3dc2f8132c28d3b6c2ed454f122069dc5df4dfd8f3
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/conversion_async.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "3084-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4770
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12728
Expires: Wed, 08 Feb 2023 05:37:16 GMT
Date: Wed, 08 Feb 2023 02:05:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12728
Expires: Wed, 08 Feb 2023 05:37:16 GMT
Date: Wed, 08 Feb 2023 02:05:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 33b061f03be149fea0df63b42a8ec226
e5e491c6ef8b6234450a34ee5df28b9a58a8ad43
a5970bbb40be173878cd2e920bd1a6ed27775fbdc222bb66ccbc5969984882f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4269
x-amzn-requestid: df152b3a-fa15-4dac-96f9-41b9ea8e5136
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkQH5PoAMFl1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c481-63636a42419209fb0c17eceb;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0hu3nATq26ngjS5942rJgt7AcT4wjG0mFfNrtsajSN2PpdAOYhTjFg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:43:42 GMT
age: 15686
etag: "e5e491c6ef8b6234450a34ee5df28b9a58a8ad43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5416f10c-2a0c-46e5-a76b-853a2be4c374.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5416f10c-2a0c-46e5-a76b-853a2be4c374.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fe800d6af728cd622a6192ad5e7dda6a
3a301dd894fc428c7d1863c9d5eaf2652f5c2083
f4923c211ef24e933bbe73bd8d2033d6b6da4a9fa0c9d4699a1041a7bd8bf5a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5416f10c-2a0c-46e5-a76b-853a2be4c374.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12216
x-amzn-requestid: cc61a63b-35fe-4bfa-ad20-1db3f4165446
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFrCIAMFoYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-2b5e27c62218510b74ea0989;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Cf13Lp2SFHQ4SSF6_KpC4zx339tZRkMmnmF-OKM_2hbWbIoR3OLJ_g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:50:49 GMT
age: 15259
etag: "3a301dd894fc428c7d1863c9d5eaf2652f5c2083"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 003fc35e140a75a12b7795c3986426ec
da002b22e2a01f48a545b369d4403eabb17a10d5
bb0754411aa7d0a5036b86b282d0e93d13227765ca9ccaf3a34e8e486cb413d1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13160
x-amzn-requestid: 34aa6dfe-7f14-48d0-89b2-90548621be79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzVxSHh7IAMFjAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de033b-49587fff75aebe96136137be;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:03:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 81DTnHIh40lNEi6l5hC87Vo9R8k4w79Fr71zibyvGP0iJm4kmhWITA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 07:45:27 GMT
age: 65981
etag: "da002b22e2a01f48a545b369d4403eabb17a10d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f175de8eebe398f5de2829cd551b3f04
e6da63e9b03289bfded190d999a20da78232437c
b5d1ee4bd6186cbac1e4ac037766c9e453e166b0cfb2e08004cb11b8bb7daa88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10202
x-amzn-requestid: 15e6c7ee-acef-4638-9a15-a01864ac74f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PEYFZOoAMFzEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c54f-3681217a71e5b9472b9cdb8a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PyOVGtKFSYIU2don5C7_L_pTUxdP_VEAhLZUhtBWo2PZ4kvPqaTg9g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:55:22 GMT
etag: "e6da63e9b03289bfded190d999a20da78232437c"
content-type: image/jpeg
age: 14986
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbee0b552-d236-4fa2-b702-1571b09d3fd6.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbee0b552-d236-4fa2-b702-1571b09d3fd6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db6e81972b8835dc48a0dae751ffde5f
826e2195cc52905cfed0bc4f01646290261113b6
720e6105b2ccc9cbc8fd005d53873ced5467a852c7a5041ce2ef96785c0d92f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbee0b552-d236-4fa2-b702-1571b09d3fd6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6060
x-amzn-requestid: 80cbc454-e1b4-4e53-a3b6-3a5ac11920c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PPQEPNIAMFkqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c594-4539ebb17f27d88a47100a82;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:41:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WvujLqUMXZ4VAF2OePAIOdk96p6-GwwVcWEGORS2NKZ3XxgGIZHAww==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:55:15 GMT
age: 14993
etag: "826e2195cc52905cfed0bc4f01646290261113b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92b2ed55-154e-4ed7-a7ab-1418742cdf6e.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92b2ed55-154e-4ed7-a7ab-1418742cdf6e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7543be9bef0afb8f61344286b7136dd7
e1537aa408cde39d2a314cc2a14f7f7a04a84eb1
162f0898f88d84c8d06542e48e8ff6a903e638f2a837f32681ae1f5e28ae40d7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92b2ed55-154e-4ed7-a7ab-1418742cdf6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7303
x-amzn-requestid: 081c79e9-2b23-47ad-8b7d-7197c5515c0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f58kdHMvIAMFdzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a7b5-66fca524070e374310920915;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:09:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SU23ljJF5eIu0L9YNQOtZlwuMHs9Ri91iu2-YS9v2pNBA-pkJYU2SA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 07:26:40 GMT
age: 67108
etag: "e1537aa408cde39d2a314cc2a14f7f7a04a84eb1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
promouber-br.com/uber_files/fbevents.js.transferir
200.58.111.23200 OK 11 kB URL HTTP/2 promouber-br.com/uber_files/fbevents.js.transferir
IP 200.58.111.23:0
File type ASCII text, with very long lines (30724)
Hash 280d405a79398a6e9dba6047f919a812
591da8abef6da15fc22d91b19b69b676f9dae799
6006b6ad38ef37c8c41b39938c41e74d590fadf9edb1399315099202f11ef21c
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/fbevents.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "865e-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 11065
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/new-sign-up.8eb866e2a72b66f14840b403e8a8d8d2.js.transferir
200.58.111.23200 OK 24 kB URL HTTP/2 promouber-br.com/uber_files/new-sign-up.8eb866e2a72b66f14840b403e8a8d8d2.js.transferir
IP 200.58.111.23:0
File type ASCII text, with very long lines (32084), with escape sequences
Hash baa7c1f9c48498c500325d42fb7107ff
c72d7a6dc91d28fa13b83922449757ec217162c6
d46f14c24798372ec16de9553e7bd4cf1cf6fbd981790f5ffd5ef369e0977586
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/new-sign-up.8eb866e2a72b66f14840b403e8a8d8d2.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "116cf-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 24393
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/jquery.9efaa9e14324dbbdaf1620efdacd6650.js.transferir
200.58.111.23200 OK 30 kB URL HTTP/2 promouber-br.com/uber_files/jquery.9efaa9e14324dbbdaf1620efdacd6650.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32002)
Hash 725ff2ef09e8a399240e70686a92c97f
3ca7a177105d1c2c2f9d09ade057a1c3ab747ece
4047921e4bc7f729bbee4d465f7254c645d0f00c9fc487ce553a0c76efcb1d09
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/jquery.9efaa9e14324dbbdaf1620efdacd6650.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "145e0-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 29565
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.578.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.578.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.578.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.590.js.transferir
200.58.111.23404 Not Found 196 B URL HTTP/2 promouber-br.com/uber_files/utag.590.js.transferir
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
fortinet Phishing
GET /uber_files/utag.590.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.627.js.transferir
200.58.111.23 | 404 Not Found | 196 B | URL | HTTP/2 | promouber-br.com/uber_files/utag.627.js.transferir
IP 200.58.111.23:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text
Hash (MD5) 62962daa1b19bbcc2db10b7bfd531ea6
Hash (SHA-1) d64bae91091eda6a7532ebec06aa70893b79e1f8
Hash (SHA-256) 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand); Fortinet: Phishing. The verdict is a URL/host-reputation hit, not an analysis of this body (generic 196-byte Apache 404 page, same hash as the other missing utag.*.js.transferir files).
GET /uber_files/utag.627.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.651.js.transferir
200.58.111.23 | 404 Not Found | 196 B | URL | HTTP/2 | promouber-br.com/uber_files/utag.651.js.transferir
IP 200.58.111.23:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text
Hash (MD5) 62962daa1b19bbcc2db10b7bfd531ea6
Hash (SHA-1) d64bae91091eda6a7532ebec06aa70893b79e1f8
Hash (SHA-256) 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand); Fortinet: Phishing. The verdict is a URL/host-reputation hit, not an analysis of this body (generic 196-byte Apache 404 page, same hash as the other missing utag.*.js.transferir files).
GET /uber_files/utag.651.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/recaptcha__pt_br.js.transferir
200.58.111.23 | 200 OK | 77 kB | URL | HTTP/2 | promouber-br.com/uber_files/recaptcha__pt_br.js.transferir
IP 200.58.111.23:0
Hash (MD5) 659b2198160616c9b4c8c25dc1810672
Hash (SHA-1) 5cb0c27b3f40ab54d0a8274accd8a2a4f8950dec
Hash (SHA-256) c6a86cc9398efae63c79cdf9f4d779fbda2cd1dc6fe9a1504effd59b89839e80
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand); Fortinet: Phishing. A pt-BR copy of the reCAPTCHA client script is served from the phishing host itself rather than from Google, i.e. the lure was captured as a complete page and re-hosted. The `.transferir` suffix on every saved asset ("download" in Portuguese) is consistent with a Portuguese-locale browser's save-page function, and the identical last-modified stamp (Thu, 12 Apr 2018 23:31:12 GMT) on this host's files is a useful pivot for clustering copies of the same kit. Whether the re-hosted script still reaches Google's API is not visible from this entry.
GET /uber_files/recaptcha__pt_br.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "3be66-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.756.js.transferir
200.58.111.23 | 404 Not Found | 196 B | URL | HTTP/2 | promouber-br.com/uber_files/utag.756.js.transferir
IP 200.58.111.23:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text
Hash (MD5) 62962daa1b19bbcc2db10b7bfd531ea6
Hash (SHA-1) d64bae91091eda6a7532ebec06aa70893b79e1f8
Hash (SHA-256) 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand); Fortinet: Phishing. The verdict is a URL/host-reputation hit, not an analysis of this body (generic 196-byte Apache 404 page, same hash as the other missing utag.*.js.transferir files).
GET /uber_files/utag.756.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.830.js.transferir
200.58.111.23 | 404 Not Found | 196 B | URL | HTTP/2 | promouber-br.com/uber_files/utag.830.js.transferir
IP 200.58.111.23:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text
Hash (MD5) 62962daa1b19bbcc2db10b7bfd531ea6
Hash (SHA-1) d64bae91091eda6a7532ebec06aa70893b79e1f8
Hash (SHA-256) 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand); Fortinet: Phishing. The verdict is a URL/host-reputation hit, not an analysis of this body (generic 196-byte Apache 404 page, same hash as the other missing utag.*.js.transferir files).
GET /uber_files/utag.830.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.871.js.transferir
200.58.111.23 | 404 Not Found | 196 B | URL | HTTP/2 | promouber-br.com/uber_files/utag.871.js.transferir
IP 200.58.111.23:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text
Hash (MD5) 62962daa1b19bbcc2db10b7bfd531ea6
Hash (SHA-1) d64bae91091eda6a7532ebec06aa70893b79e1f8
Hash (SHA-256) 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand); Fortinet: Phishing. The verdict is a URL/host-reputation hit, not an analysis of this body (generic 196-byte Apache 404 page, same hash as the other missing utag.*.js.transferir files).
GET /uber_files/utag.871.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.872.js.transferir
200.58.111.23 | 404 Not Found | 196 B | URL | HTTP/2 | promouber-br.com/uber_files/utag.872.js.transferir
IP 200.58.111.23:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text
Hash (MD5) 62962daa1b19bbcc2db10b7bfd531ea6
Hash (SHA-1) d64bae91091eda6a7532ebec06aa70893b79e1f8
Hash (SHA-256) 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand); Fortinet: Phishing. The verdict is a URL/host-reputation hit, not an analysis of this body (generic 196-byte Apache 404 page, same hash as the other missing utag.*.js.transferir files).
GET /uber_files/utag.872.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.876.js.transferir
200.58.111.23 | 404 Not Found | 196 B | URL | HTTP/2 | promouber-br.com/uber_files/utag.876.js.transferir
IP 200.58.111.23:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text
Hash (MD5) 62962daa1b19bbcc2db10b7bfd531ea6
Hash (SHA-1) d64bae91091eda6a7532ebec06aa70893b79e1f8
Hash (SHA-256) 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand); Fortinet: Phishing. The verdict is a URL/host-reputation hit, not an analysis of this body (generic 196-byte Apache 404 page, same hash as the other missing utag.*.js.transferir files).
GET /uber_files/utag.876.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=uber/main/202302031548&cb=1675821960955
2.18.173.203 | 200 OK | 2 B | URL | HTTP/2 | tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=uber/main/202302031548&cb=1675821960955 — the live Tealium (tiqcdn) loader for the real uber/main profile, fetched cross-site with Referer: https://promouber-br.com/ because the cloned page kept the brand's absolute tag URLs; the page's own saved copy (utag.v.js.transferir) 404s on the phishing host. Third-party, not flagged by the analyzers.
IP 2.18.173.203:0
File type ASCII text, with no line terminators
Hash 7bc0ee636b3b83484fc3b9348863bd22
ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
GET /utag/tiqapp/utag.v.js?a=uber/main/202302031548&cb=1675821960955 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
content-length: 2
unused62: 8096267
cache-control: max-age=600
expires: Wed, 08 Feb 2023 02:15:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/uber/main/prod/utag.1637.js?utv=ut4.48.202302031549
2.18.173.203 | 200 OK | 5.0 kB | URL | HTTP/2 | tags.tiqcdn.com/utag/uber/main/prod/utag.1637.js?utv=ut4.48.202302031549 — genuine production tag from the brand's Tealium profile, loaded cross-site by the phishing page (Referer: https://promouber-br.com/); third-party, unflagged.
IP 2.18.173.203:0
File type ASCII text, with very long lines (1814)
Hash 4f8dfa8580ba4748cee4696bcb9eb769
7304ee37292ba5b703ae58bd8dcc63296c2de75c
ae214f57e21f23887d9192591fb9cf00d657eb08058d3715ca86ff652bb59c8f
GET /utag/uber/main/prod/utag.1637.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "a1ec24f47582608569fb66c0386ac73c:1665475010.455156"
last-modified: Tue, 11 Oct 2022 07:56:50 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 5048
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/uber/main/prod/utag.1480.js?utv=ut4.48.202302031549
2.18.173.203 | 200 OK | 4.1 kB | URL | HTTP/2 | tags.tiqcdn.com/utag/uber/main/prod/utag.1480.js?utv=ut4.48.202302031549
IP 2.18.173.203:0
File type ASCII text, with very long lines (2966)
Hash c13edd59bfa1b8f3dda2345ca1b4f764
05b45e8288ff748d011fcf6ea34f3245e02faa2f
81fea4eaf5e4e5adaf2bcd9f8997f9beb19b54de9be5ce68eccfcd5d6e95c9ea
GET /utag/uber/main/prod/utag.1480.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d5a01af3d27efa3250a048c8d020dcca:1646117996.531903"
last-modified: Tue, 01 Mar 2022 06:59:56 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 4143
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/uber/main/prod/utag.1506.js?utv=ut4.48.202302031549
2.18.173.203 | 200 OK | 2.3 kB | URL | HTTP/2 | tags.tiqcdn.com/utag/uber/main/prod/utag.1506.js?utv=ut4.48.202302031549
IP 2.18.173.203:0
File type ASCII text, with very long lines (1472)
Hash b94d4cfa9b87b0268e9942ef596c7bd7
08b84edadea561433e99f9187a58442565291138
e8c33b96cf665c9908fb32a1882031053c6ab748272d15945d65c77233862ad8
GET /utag/uber/main/prod/utag.1506.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7748bba104b781b3fdd7acd83c6ad0e3:1645544836.126387"
last-modified: Tue, 22 Feb 2022 15:47:16 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 2336
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/uber/main/prod/utag.1507.js?utv=ut4.48.202302031549
2.18.173.203 | 200 OK | 3.6 kB | URL | HTTP/2 | tags.tiqcdn.com/utag/uber/main/prod/utag.1507.js?utv=ut4.48.202302031549
IP 2.18.173.203:0
File type ASCII text, with very long lines (4440)
Hash ed02ebdcfbbae2501744e82f7bc6497c
5f1ead8a5a21e7b8caf7746f2f55e23941933606
9ca962f0cd30897bcfac8393e9d2d4663ddbbf11e2a9018fb0c4b0e512fb8611
GET /utag/uber/main/prod/utag.1507.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "e78ac67f20c3287c1b705723dd2326b5:1660063652.178447"
last-modified: Tue, 09 Aug 2022 16:47:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 3637
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/uber/main/prod/utag.1508.js?utv=ut4.48.202302031549
2.18.173.203 | 200 OK | 3.2 kB | URL | HTTP/2 | tags.tiqcdn.com/utag/uber/main/prod/utag.1508.js?utv=ut4.48.202302031549
IP 2.18.173.203:0
File type ASCII text, with very long lines (2208)
Hash ccb52e7f4463caecb990e92f26e7788c
6a7106e16075fbb17f9f4536ee95947505cff5dd
4b54748a61b5d77fcd3f440bc3558eb4326d3adfde044396071364f0bc2c435c
GET /utag/uber/main/prod/utag.1508.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "3fdb50076f520ff772cf1b77f5c26b32:1660063651.325718"
last-modified: Tue, 09 Aug 2022 16:47:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 3209
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/uber/main/prod/utag.1509.js?utv=ut4.48.202302031549
2.18.173.203 | 200 OK | 3.0 kB | URL | HTTP/2 | tags.tiqcdn.com/utag/uber/main/prod/utag.1509.js?utv=ut4.48.202302031549
IP 2.18.173.203:0
File type ASCII text, with very long lines (4628)
Hash 345bbfab47028c7016868b167204e5e8
ffdbceafda83adf8b8d5914430d9d544ea40e4a4
490d5d9ab63a6a5aadceeb6a06aa308647c1f19e5c603b1015fc6a7243975c9d
GET /utag/uber/main/prod/utag.1509.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "3d665ccc113e9037e5424f3bceae0792:1672820517.689664"
last-modified: Wed, 04 Jan 2023 08:21:57 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 3010
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/uber/main/prod/utag.1555.js?utv=ut4.48.202302031549
2.18.173.203 | 200 OK | 2.8 kB | URL | HTTP/2 | tags.tiqcdn.com/utag/uber/main/prod/utag.1555.js?utv=ut4.48.202302031549
IP 2.18.173.203:0
File type ASCII text, with very long lines (3183)
Hash 4560a3d81e0dad85b6a153c77933e510
9bf1ce36a874490c9ae24fe9fb71aaf10c4780bb
155461edb1b96f16fa333eab4ed58ca43094acc6b41a7ab7e1988f64a23c1148
GET /utag/uber/main/prod/utag.1555.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "df56be96b8880ac37841e171adf5468d:1656584715.287255"
last-modified: Thu, 30 Jun 2022 10:25:15 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 2772
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/uber/main/prod/utag.1786.js?utv=ut4.48.202302031549
2.18.173.203 | 200 OK | 3.8 kB | URL | HTTP/2 | tags.tiqcdn.com/utag/uber/main/prod/utag.1786.js?utv=ut4.48.202302031549
IP 2.18.173.203:0
File type ASCII text, with very long lines (1756)
Hash eea614dadaf45e198cc7e80963c3a141
e6f9413172b59b8b0b5d5b0ecc59ccb07213306e
e2cf6ffea5ee9d814ddb454470ada86c7a12f3644391a304be58d31b310056e1
GET /utag/uber/main/prod/utag.1786.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "63c032c4e108a987c399ce6aa4edcafb:1635493021.403615"
last-modified: Fri, 29 Oct 2021 07:37:01 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 3788
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/uber/main/prod/utag.1810.js?utv=ut4.48.202302031549
2.18.173.203 | 200 OK | 4.7 kB | URL | HTTP/2 | tags.tiqcdn.com/utag/uber/main/prod/utag.1810.js?utv=ut4.48.202302031549
IP 2.18.173.203:0
File type ASCII text, with very long lines (6319)
Hash 9fa3de8b9da8db2a6b48a2389a12efa3
8737132217f1b2077e1df6775a3a178eabc82648
32c94da523dd7b1db56f85ed55b3043985dc333ca1e3ff073bb05e60ea4fbed4
GET /utag/uber/main/prod/utag.1810.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "ed6acdad6dfcf205f19e3734b47efc5c:1665748469.680643"
last-modified: Fri, 14 Oct 2022 11:54:29 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 4720
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 | 200 OK | 472 B | IP 142.250.74.131:0 — browser OCSP certificate-status check (application/ocsp-request) against the Google Trust Services responder (path /gts1c3); benign background traffic, not page content.
Hash 8d5417d247d259e3c0186136b83d9f75
49fbcf99a352669aee2559579ef73fa60f46d38d
3c013921158ec27e44d5e80a5108557de80a27f38089ac3a52c6c1cf5636f585
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-975102964
142.250.74.40 | 200 OK | 68 kB | URL | HTTP/2 | www.googletagmanager.com/gtag/js?id=AW-975102964 — Google Ads/gtag loader fetched cross-site from the phishing page (Referer: https://promouber-br.com/), presumably the impersonated brand's own tag ID carried over from the cloned page. Practical detection point: if the tag fires, the brand's own analytics receives hits attributed to promouber-br.com, so alerting on unknown page hostnames or referrers in the brand's analytics and tag-manager reports is a cheap way to surface clones like this one.
IP 142.250.74.40:0
File type ASCII text, with very long lines (6669)
Hash e853e2537863dc82cdb0fd610d734e35
907d8bc5b88ed733c9287f98049bfe67bc484eb1
78e7a3ee085a03612fc55949b14be8496ade0c82fa885f5432d0a4d7fc49f6b2
GET /gtag/js?id=AW-975102964 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 02:05:08 GMT
expires: Wed, 08 Feb 2023 02:05:08 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 Feb 2023 00:41:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67775
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 | 200 OK | 472 B | IP 142.250.74.131:0 — repeat browser OCSP check against the Google Trust Services responder (path /gts1c3), identical response hash; benign background traffic.
Hash 8d5417d247d259e3c0186136b83d9f75
49fbcf99a352669aee2559579ef73fa60f46d38d
3c013921158ec27e44d5e80a5108557de80a27f38089ac3a52c6c1cf5636f585
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
promouber-br.com/uber_files/utag.945.js.transferir
200.58.111.23 | 404 Not Found | 196 B | URL | HTTP/2 | promouber-br.com/uber_files/utag.945.js.transferir
IP 200.58.111.23:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text
Hash (MD5) 62962daa1b19bbcc2db10b7bfd531ea6
Hash (SHA-1) d64bae91091eda6a7532ebec06aa70893b79e1f8
Hash (SHA-256) 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand); Fortinet: Phishing. The verdict is a URL/host-reputation hit, not an analysis of this body (generic 196-byte Apache 404 page, same hash as the other missing utag.*.js.transferir files).
GET /uber_files/utag.945.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/button_participar.png
200.58.111.23 | 200 OK | 1.3 kB | URL | HTTP/2 | promouber-br.com/uber_files/button_participar.png
IP 200.58.111.23:0
File type PNG image data, 320 x 34, 8-bit/color RGBA, non-interlaced
- data
Hash (MD5) 3e17c7c938c22beb82d58eb06ac60988
Hash (SHA-1) ea3d181a2d95351ee8925ef63144ec6ceb547c28
Hash (SHA-256) 54fe85ee41790431f79b63a8ec8490c2d88f7c784f72cf5934cca36fd35f937f
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand). Only OpenPhish flags this object; there is no Fortinet verdict on the image. "participar" is Portuguese for "take part", i.e. the call-to-action button of the lure, consistent with the promotion theme of the hostname.
GET /uber_files/button_participar.png HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "50a-569af26a39000"
accept-ranges: bytes
content-length: 1290
content-type: image/png
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/utag.v.js.transferir
200.58.111.23 | 404 Not Found | 196 B | URL | HTTP/2 | promouber-br.com/uber_files/utag.v.js.transferir
IP 200.58.111.23:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text
Hash (MD5) 62962daa1b19bbcc2db10b7bfd531ea6
Hash (SHA-1) d64bae91091eda6a7532ebec06aa70893b79e1f8
Hash (SHA-256) 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand); Fortinet: Phishing. The verdict is a URL/host-reputation hit, not an analysis of this body (generic 196-byte Apache 404 page, same hash as the other missing utag.*.js.transferir files). The saved copy is missing, but the live counterpart (tags.tiqcdn.com/utag/tiqapp/utag.v.js) was fetched successfully cross-site earlier in this capture.
GET /uber_files/utag.v.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/dest5.html
200.58.111.23 | 200 OK | 3.0 kB | URL | HTTP/2 | promouber-br.com/uber_files/dest5.html
IP 200.58.111.23:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document text
- exported SGML document, ASCII text, with very long lines (635)
Hash (MD5) 4664499d7646da9c6b2979e7b108a571
Hash (SHA-1) 488b82119b74e668dd52084960fce237e79a4dc7
Hash (SHA-256) f3762f6de5239b715f419d2b0556f58d0c5d1fde695f5e96e0dd5629fd03a032
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand); Fortinet: Phishing. Unlike the script assets, this document is navigated as a same-origin iframe (Sec-Fetch-Dest: iframe, Sec-Fetch-Mode: navigate), so it is a secondary page embedded in the lure. Its body is not shown here; review it for form markup and any action/exfiltration URL before drawing conclusions about where captured data goes.
GET /uber_files/dest5.html HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "1c6e-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2963
content-type: text/html
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118 | 200 OK | 471 B | URL | HTTP/1.1 | ocsp.sca1b.amazontrust.com/ — browser OCSP certificate-status check against an Amazon Trust Services responder (served via CloudFront); benign background traffic, not page content.
IP 54.230.245.118:0
Hash 177cacd66ff7c51373a073453845e0f4
a4c6ff1b670d6fbe72fb60f54a10c6113bcc9399
9818edf620387e3a2dd0f693e455fa8db939e94969e64b0001b6b1e72319e9b6
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=129184
Date: Wed, 08 Feb 2023 02:05:09 GMT
Etag: "63e256ce-1d7"
Expires: Thu, 09 Feb 2023 13:58:13 GMT
Last-Modified: Tue, 07 Feb 2023 13:49:02 GMT
Server: ECS (nyb/1D1B)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: sjiRz5On-aB9k1Fv8VMYxvZyPumvLisIAPpL90RpRylZBCwkENjGNg==
Age: 551
ocsp.sca1b.amazontrust.com/
54.230.245.118 | 200 OK | 471 B | URL | HTTP/1.1 | ocsp.sca1b.amazontrust.com/ — repeat OCSP check, identical response hash; benign background traffic.
IP 54.230.245.118:0
Hash 177cacd66ff7c51373a073453845e0f4
a4c6ff1b670d6fbe72fb60f54a10c6113bcc9399
9818edf620387e3a2dd0f693e455fa8db939e94969e64b0001b6b1e72319e9b6
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=129228
Date: Wed, 08 Feb 2023 02:05:09 GMT
Etag: "63e256ce-1d7"
Expires: Thu, 09 Feb 2023 13:58:57 GMT
Last-Modified: Tue, 07 Feb 2023 13:49:02 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lGDgwCppvJwOUmmJIwvFBYuk2wvw6K0V5cr5dg0M7b2_DKeNjx15HQ==
Age: 595
gtrk.s3.amazonaws.com/s?u=512593&t=rpqoi0
52.218.252.67 | 403 Forbidden | 243 B | URL | HTTP/1.1 | gtrk.s3.amazonaws.com/s?u=512593&t=rpqoi0 — cross-site image beacon requested by the phishing page (Sec-Fetch-Dest: image); S3 refused it with an XML error body, so no tracker content was served and the request only reveals that the cloned page still carries a third-party tracking pixel.
IP 52.218.252.67:0
File type XML 1.0 document text
- XML document, ASCII text
Hash 3a385afd130b3bfa4cc4b531cf82c4ee
b70bc67105ed7032bc5558a2b04e3c7e1325dfd8
0db83b0b0aa56e7e06c557283f5c466406225283364e2692c2b203d93addec45
GET /s?u=512593&t=rpqoi0 HTTP/1.1
Host: gtrk.s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
x-amz-request-id: R0EZ6KCP6MQ2EZ6H
x-amz-id-2: 6RX4MqhFpkBszOpSxqwOKaTO8UYO1SO/cJWidfX0HfmtYmxLMijskawQvAU/e6txonDH3y0ijzY=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Wed, 08 Feb 2023 02:05:08 GMT
Server: AmazonS3
d1a3f4spazzrp4.cloudfront.net/chameleon/cms/uploads/2016/10/24/1477347860-pattern.png
54.230.245.23 | 200 OK | 17 kB | URL | HTTP/2 | d1a3f4spazzrp4.cloudfront.net/chameleon/cms/uploads/2016/10/24/1477347860-pattern.png — image asset pulled cross-site from a CloudFront-fronted CMS origin (the saved page kept the original absolute URL); third-party, unflagged.
IP 54.230.245.23:0
File type PNG image data, 125 x 125, 8-bit/color RGB, non-interlaced
- data
Hash 46c1ae1dd72137e7e701b895eec6e1f8
e02f6b53fb0f5c5d888a6ac474b816056919f4d1
c963a9aeac483dc22ef96c3d0ccf451119c0034fea99e0557ce1d12da80a0fa0
GET /chameleon/cms/uploads/2016/10/24/1477347860-pattern.png HTTP/1.1
Host: d1a3f4spazzrp4.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 16922
date: Tue, 07 Feb 2023 03:54:05 GMT
last-modified: Mon, 24 Oct 2016 22:24:22 GMT
etag: "46c1ae1dd72137e7e701b895eec6e1f8"
x-amz-version-id: 7f3duUFAw.DLwbr82l4mbpxpe9jXiG6s
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Qjxm5v0A0L6_KysD6EjmYcksv2M9LtdXdp43R1erR1Onlo4_uIyFBg==
age: 79864
X-Firefox-Spdy: h2
promouber-br.com/uber_files/phone-format.0c78c7ac0e07a985c9f2f73cc6bca043.js.transferir
200.58.111.23 | 200 OK | 125 kB | URL | HTTP/2 | promouber-br.com/uber_files/phone-format.0c78c7ac0e07a985c9f2f73cc6bca043.js.transferir
IP 200.58.111.23:0
Size 125 kB (124966 bytes)
Hash (MD5) 743686aa993a67778e09ca7e93f747d5
Hash (SHA-1) b1d3b191a1d9d48d4e0e034f199ace1610e113c5
Hash (SHA-256) f48e46db3bddf63f9bbee242d3a272420a06dd579f71fa4d91e1153221e49992
Analyzer verdict: Alert — OpenPhish: Uber (targeted brand); Fortinet: Phishing. A 125 kB phone-number formatting script hosted on the phishing site is consistent with a phone-number input on the lure (a common first step of an account-takeover flow), but that is inferred from the filename alone — confirm against the page's form markup.
GET /uber_files/phone-format.0c78c7ac0e07a985c9f2f73cc6bca043.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "5e942-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Wed, 08 Feb 2023 01:45:20 GMT
expires: Wed, 08 Feb 2023 03:45:20 GMT
cache-control: public, max-age=7200
age: 1189
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/collect?v=1&_v=j56&aip=1&a=1134420615&t=event&_s=2&dl=https%3A%2F%2Fpromouber-br.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=candy.view&ea=signup&_u=6GBAAUABI~&jid=&gjid=&cid=1497242055.1675821961&tid=UA-7157694-35&_gid=1533917307.1675821961&cd99=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0>m=457e3260&did=dYmQxMT&gdid=dYmQxMT&z=1965041157
142.250.74.46200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&_v=j56&aip=1&a=1134420615&t=event&_s=2&dl=https%3A%2F%2Fpromouber-br.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=candy.view&ea=signup&_u=6GBAAUABI~&jid=&gjid=&cid=1497242055.1675821961&tid=UA-7157694-35&_gid=1533917307.1675821961&cd99=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0>m=457e3260&did=dYmQxMT&gdid=dYmQxMT&z=1965041157
IP 142.250.74.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j56&aip=1&a=1134420615&t=event&_s=2&dl=https%3A%2F%2Fpromouber-br.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=candy.view&ea=signup&_u=6GBAAUABI~&jid=&gjid=&cid=1497242055.1675821961&tid=UA-7157694-35&_gid=1533917307.1675821961&cd99=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0>m=457e3260&did=dYmQxMT&gdid=dYmQxMT&z=1965041157 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Wed, 08 Feb 2023 00:10:49 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 6860
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c0251492cae08969a77cc1f8b4fa25e5
110161e230f81ac3a954dc1d5114c7401c1ecd93
6483e465b117e6af3950e659d8692acc4bb38f60c7dc312ec8c6824ac5f000ba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2987
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Last-Modified: Wed, 08 Feb 2023 01:15:22 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ddbcc8409304b59c7d2faa53ed360fb5
98746db490891a3e5aa21f3dff58438d0c7795d5
b0ffc1ea39f25451920b84f09d650c564bd412bca0e2db72d99e736e385a176d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/r/collect?v=1&_v=j56&aip=1&a=1134420615&t=pageview&_s=1&dl=https%3A%2F%2Fpromouber-br.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBAAUABI~&jid=44996711&gjid=2063319935&cid=1497242055.1675821961&tid=UA-7157694-35&_gid=1533917307.1675821961&_r=1&cd99=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0>m=457e3260&did=dYmQxMT&gdid=dYmQxMT&z=620442391
142.250.74.46302 Found 417 B URL HTTP/2 www.google-analytics.com/r/collect?v=1&_v=j56&aip=1&a=1134420615&t=pageview&_s=1&dl=https%3A%2F%2Fpromouber-br.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBAAUABI~&jid=44996711&gjid=2063319935&cid=1497242055.1675821961&tid=UA-7157694-35&_gid=1533917307.1675821961&_r=1&cd99=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0>m=457e3260&did=dYmQxMT&gdid=dYmQxMT&z=620442391
IP 142.250.74.46:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash dfd7e22eaf1ed5d0cebd8e3f38d42c0f
d7441a6f05da027efef57c099bf4f7fdd6494dcd
05e37b2ad5c7db4395b702a2fe8c8253fc3254d4bd6faf3ccb2738881416cb17
GET /r/collect?v=1&_v=j56&aip=1&a=1134420615&t=pageview&_s=1&dl=https%3A%2F%2Fpromouber-br.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBAAUABI~&jid=44996711&gjid=2063319935&cid=1497242055.1675821961&tid=UA-7157694-35&_gid=1533917307.1675821961&_r=1&cd99=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0>m=457e3260&did=dYmQxMT&gdid=dYmQxMT&z=620442391 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_gid=1533917307.1675821961&gjid=2063319935&_v=j56&z=620442391
access-control-allow-origin: *
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 417
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3f3962ef574ee0069c41f7cbcabd1ef3
c4b6aefa8563432c5e5901488c38ae7da3c83fd7
9518b917cc6f0b1724d687d6aac4d8c1851d46949eeb4926acdb26a84728fdc0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 28 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash dd1f85cc598419df61e254e53f9ec1ef
f86c0ee563f5b7a01e1d40b566f2bc184a32380f
c06f52b233c835b03292f39cb847507a03bb971066bf91341b58a580244398c0
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: lIu9Ce81MoFpzW/VWnl4RhggL8OFdkEv2Ur/WLS/NC3S7tBdq9AMrU6Dv0qCPPyEGmaxMj1BNK+HhM5rEnjn/Q==
content-length: 27843
x-fb-trip-id: 1904183273
date: Wed, 08 Feb 2023 02:05:09 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ddbcc8409304b59c7d2faa53ed360fb5
98746db490891a3e5aa21f3dff58438d0c7795d5
b0ffc1ea39f25451920b84f09d650c564bd412bca0e2db72d99e736e385a176d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/303996578/?random=1675821961380&cv=11&fst=1675821961380&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.130200 OK 883 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/303996578/?random=1675821961380&cv=11&fst=1675821961380&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (1867), with no line terminators
Hash 256f06d7d93a65d7b415a5932deb0ad0
70cc43bf4bc3a16828cde30e5107d4d763a414ef
7590bb8b48351dca049287683a44f754def0146d7c472636b92b2e9ec52af2ad
GET /pagead/viewthroughconversion/303996578/?random=1675821961380&cv=11&fst=1675821961380&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 883
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 02:20:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975102964/?random=1675821961183&cv=11&fst=1675821961183&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dpage_view&rfmt=3&fmt=4
142.250.74.130200 OK 883 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/975102964/?random=1675821961183&cv=11&fst=1675821961183&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dpage_view&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (1863), with no line terminators
Hash d14f6b456a68446f11a2746967fd6f5f
bff405e1011ceeec44316b8f505668a9576c87e3
2a2e0a1a07c9ba0a76cfed614059b645d47d9c18894f31950e57b298a517b142
GET /pagead/viewthroughconversion/975102964/?random=1675821961183&cv=11&fst=1675821961183&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dpage_view&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 883
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 02:20:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ddbcc8409304b59c7d2faa53ed360fb5
98746db490891a3e5aa21f3dff58438d0c7795d5
b0ffc1ea39f25451920b84f09d650c564bd412bca0e2db72d99e736e385a176d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/api2/r20170727143628/recaptcha__pt_br.js
142.250.74.35404 Not Found 1.6 kB URL HTTP/2 www.gstatic.com/recaptcha/api2/r20170727143628/recaptcha__pt_br.js
IP 142.250.74.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash eb4b3e7d092624b03a15f7ed64f96a6e
bb63cb1d1b72957ce4b35bb4a8019ed776e4bd50
bddb1920e804f32667a40050b8937ff65f2ec14bd13fed92f9fb427ed168fd5b
GET /recaptcha/api2/r20170727143628/recaptcha__pt_br.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 02:05:09 GMT
server: sffe
content-length: 1611
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c0251492cae08969a77cc1f8b4fa25e5
110161e230f81ac3a954dc1d5114c7401c1ecd93
6483e465b117e6af3950e659d8692acc4bb38f60c7dc312ec8c6824ac5f000ba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2987
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Last-Modified: Wed, 08 Feb 2023 01:15:22 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/viewthroughconversion/975102964/?random=1675821961175&cv=11&fst=1675821961175&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.130200 OK 885 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/975102964/?random=1675821961175&cv=11&fst=1675821961175&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (1867), with no line terminators
Hash 304d8865fda7bb9aa1f624257ec706b2
5133641f5e2bd7efee8cabddbcbf423f57c2b214
032ff28d86b44250369af12afe938a9618adffbfd84467d3ada14e9dd4cf6445
GET /pagead/viewthroughconversion/975102964/?random=1675821961175&cv=11&fst=1675821961175&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 885
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 02:20:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/856613572/?random=1675821961365&cv=11&fst=1675821961365&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.130200 OK 884 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/856613572/?random=1675821961365&cv=11&fst=1675821961365&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (1867), with no line terminators
Hash 766d4d363a09f6de172fc4a8dbe0c0cb
e30dc8637bbe86abb1f0d61cf346333e201a6ea4
864ea40de24715231a054ec6c532dbdddc6f8dd6b3e9de7dd6ca6c6c1293b410
GET /pagead/viewthroughconversion/856613572/?random=1675821961365&cv=11&fst=1675821961365&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 884
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 02:20:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7ec32dff957003dae195c36ca9e3bd6c
6761a20819b0d5a48216d74782e3ea752af7257a
953a3a2d35250df7b506b42f7d1d8813301dd1f9f9bcc30d2d100bd0788e4c76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_gid=1533917307.1675821961&gjid=2063319935&_v=j56&z=620442391
64.233.165.155302 Found 364 B URL HTTP/2 stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_gid=1533917307.1675821961&gjid=2063319935&_v=j56&z=620442391
IP 64.233.165.155:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 100bd23a9799b3529efe97dd07a3f6d0
e532aae685a7ff965a2bdd900fb07396361c9560
00684884a89aa1ccb16c4b4e4028cd528f106bbb24157bb0134998d918117353
GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_gid=1533917307.1675821961&gjid=2063319935&_v=j56&z=620442391 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promouber-br.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391
access-control-allow-origin: *
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 364
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ddbcc8409304b59c7d2faa53ed360fb5
98746db490891a3e5aa21f3dff58438d0c7795d5
b0ffc1ea39f25451920b84f09d650c564bd412bca0e2db72d99e736e385a176d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 2ccbef7dcf1b1d32956833f5127c1ad5
af220576c82f064130ee7bfa3ea966d033e51707
f6eceec81f5b6deb7005fa9f3855ecb54e4bd6b3159c705decf0921e3a49067d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 2ccbef7dcf1b1d32956833f5127c1ad5
af220576c82f064130ee7bfa3ea966d033e51707
f6eceec81f5b6deb7005fa9f3855ecb54e4bd6b3159c705decf0921e3a49067d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/975102964/?random=1675821961183&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3964270785&rmt_tld=1&ipr=y
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/975102964/?random=1675821961183&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3964270785&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/975102964/?random=1675821961183&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3964270785&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/975102964/?random=1675821961175&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729561907&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/975102964/?random=1675821961175&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729561907&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/975102964/?random=1675821961175&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729561907&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5bcb9125c18e4ed3562ceb950dc6eaad
a6c6944804b772de3a487723e3e866c0219de230
94947430d745a6648a2e87f163bf474b4fd4513519360bf4bfecfabc141e5ff1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/856613572/?random=1675821961365&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3872595851&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/856613572/?random=1675821961365&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3872595851&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/856613572/?random=1675821961365&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3872595851&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
promouber-br.com/favicon.ico
200.58.111.23 404 Not Found 196 B URL HTTP/2 promouber-br.com/favicon.ico
IP 200.58.111.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert openphish Uber
GET /favicon.ico HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Cookie: _ceg.s=rpqoi0; _ceg.u=rpqoi0; utag_main=v_id:01862ec5cea30009e070bee1f56100050001900900918$_sn:1$_se:2$_ss:0$_st:1675823760955$ses_id:1675821960868%3Bexp-session$_pn:1%3Bexp-session$segment:b$optimizely_segment:b; segmentCookie=a; utag_geo_code=PT; CONSENTMGR=c1:1%7Cc2:1%7Cc3:1%7Cc4:1%7Cc5:1%7Cc6:1%7Cc7:1%7Cc8:1%7Cc9:1%7Cc10:1%7Cc11:1%7Cc12:1%7Cc13:1%7Cc14:1%7Cc15:1%7Cts:1675821960951%7Cconsent:true; _gcl_au=1.1.390928720.1675821961; _ga=GA1.1.1497242055.1675821961; _gid=GA1.2.1533917307.1675821961; _gat_gtag_UA_7157694_35=1; _ga_XTGQLY6KPT=GS1.1.1675821961.1.0.1675821961.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:09 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 3f3962ef574ee0069c41f7cbcabd1ef3
c4b6aefa8563432c5e5901488c38ae7da3c83fd7
9518b917cc6f0b1724d687d6aac4d8c1851d46949eeb4926acdb26a84728fdc0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/303996578/?random=1675821961380&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3277722831&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/303996578/?random=1675821961380&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3277722831&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/303996578/?random=1675821961380&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3277722831&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5bcb9125c18e4ed3562ceb950dc6eaad
a6c6944804b772de3a487723e3e866c0219de230
94947430d745a6648a2e87f163bf474b4fd4513519360bf4bfecfabc141e5ff1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/975102964/?random=1675821961175&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729561907&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/975102964/?random=1675821961175&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729561907&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/975102964/?random=1675821961175&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729561907&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/856613572/?random=1675821961365&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3872595851&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/856613572/?random=1675821961365&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3872595851&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/856613572/?random=1675821961365&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3872595851&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391
142.250.74.164 302 Found 0 B URL HTTP/2 www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391
IP 142.250.74.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promouber-br.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391&slf_rd=1&random=3066914601
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5bcb9125c18e4ed3562ceb950dc6eaad
a6c6944804b772de3a487723e3e866c0219de230
94947430d745a6648a2e87f163bf474b4fd4513519360bf4bfecfabc141e5ff1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5bcb9125c18e4ed3562ceb950dc6eaad
a6c6944804b772de3a487723e3e866c0219de230
94947430d745a6648a2e87f163bf474b4fd4513519360bf4bfecfabc141e5ff1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7ec32dff957003dae195c36ca9e3bd6c
6761a20819b0d5a48216d74782e3ea752af7257a
953a3a2d35250df7b506b42f7d1d8813301dd1f9f9bcc30d2d100bd0788e4c76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/303996578/?random=1675821961380&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3277722831&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/303996578/?random=1675821961380&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3277722831&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/303996578/?random=1675821961380&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3277722831&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 912dbdfd52f101d5fff4e445f67aaafe
bb02da32f3fd94f89d29dd5712142a6c63eb11a6
31c1af8e7bf33123c5f93104b9b0b9780712824dfe3636f80d8c4a5af6573816
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5581
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Last-Modified: Wed, 08 Feb 2023 00:32:08 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314
www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391&slf_rd=1&random=3066914601
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391&slf_rd=1&random=3066914601
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391&slf_rd=1&random=3066914601 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promouber-br.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2ccbef7dcf1b1d32956833f5127c1ad5
af220576c82f064130ee7bfa3ea966d033e51707
f6eceec81f5b6deb7005fa9f3855ecb54e4bd6b3159c705decf0921e3a49067d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ed3f32fef9b843f5511bb882c0a38358
a1a60921f7cb6ab14b645c77bb7d77c20b8201ef
9a4b9e269aa66258c1d9b10fb1af899a3e669de3e244dcfd843a0bce87646f8e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/975102964/?random=1675821961183&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3964270785&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/975102964/?random=1675821961183&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3964270785&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/975102964/?random=1675821961183&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1>m=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3964270785&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nv9w7&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&_rnd=0.09373584148357617
104.244.42.3 200 OK 43 B URL HTTP/2 analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nv9w7&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&_rnd=0.09373584148357617
IP 104.244.42.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?p_id=Twitter&p_user_id=0&txn_id=nv9w7&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&_rnd=0.09373584148357617 HTTP/1.1
Host: analytics.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:05:09 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_yq4Vbw4NY3nJFdpivVN+tA=="; Max-Age=63072000; Expires=Fri, 07 Feb 2025 02:05:09 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: ad088e22ecf3afd1
strict-transport-security: max-age=631138519
x-response-time: 104
x-connection-hash: 5beb6cafaae177c1589b64804f47ca3b0af62e24f05a074c5a2e9aeb169c18e0
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-XTGQLY6KPT>m=45je3260&_p=1134420615&gdid=dYmQxMT&cid=1497242055.1675821961&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675821961&sct=1&seg=0&dl=https%3A%2F%2Fpromouber-br.com%2F&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&en=page_view&_fv=1&_ss=2&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-XTGQLY6KPT>m=45je3260&_p=1134420615&gdid=dYmQxMT&cid=1497242055.1675821961&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675821961&sct=1&seg=0&dl=https%3A%2F%2Fpromouber-br.com%2F&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&en=page_view&_fv=1&_ss=2&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-XTGQLY6KPT>m=45je3260&_p=1134420615&gdid=dYmQxMT&cid=1497242055.1675821961&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675821961&sct=1&seg=0&dl=https%3A%2F%2Fpromouber-br.com%2F&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&en=page_view&_fv=1&_ss=2&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://promouber-br.com
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://promouber-br.com
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
promouber-br.com/uber_files/superfine(1).css
200.58.111.23 200 OK 0 B URL HTTP/2 promouber-br.com/uber_files/superfine(1).css
IP 200.58.111.23:0
Analyzer Verdict Alert openphish Uber
GET /uber_files/superfine(1).css HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "3476a-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2
promouber-br.com/uber_files/uber-icons.css
200.58.111.23 200 OK 0 B URL HTTP/2 promouber-br.com/uber_files/uber-icons.css
IP 200.58.111.23:0
Analyzer Verdict Alert openphish Uber
GET /uber_files/uber-icons.css HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "1a3d8-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2