Report - promouber-br.com/

Report Overview

Submitted URL
promouber-br.com/
IP
200.58.111.23
ASN
#27823 Dattatec.com
Submitted
2023-02-08 02:05:17
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
176

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
tags.tiqcdn.com	969	2013-01-15T06:04:26Z	2023-03-13T05:18:20Z	4.2 kB	37 kB	2.18.173.203
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	529 B	1.0 kB	64.233.165.155
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
gtrk.s3.amazonaws.com	66704	2017-01-30T06:01:22Z	2023-02-07T14:31:10Z	398 B	507 B	52.218.252.67
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	2.1 kB	22 kB	142.250.74.46
connect.facebook.net	139	2012-05-22T04:51:28Z	2023-03-13T05:09:29Z	374 B	29 kB	31.13.72.12
googleads.g.doubleclick.net	42	2021-02-20T16:43:32Z	2023-03-13T08:39:16Z	2.8 kB	6.8 kB	142.250.74.130
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-13T07:57:11Z	402 B	1.9 kB	142.250.74.35
www.google.com	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	3.2 kB	3.3 kB	142.250.74.164
analytics.twitter.com	526	2013-04-10T21:53:18Z	2023-03-13T05:25:19Z	527 B	613 B	104.244.42.3
promouber-br.com	unknown	2023-02-07T21:08:16Z	2023-02-07T21:08:16Z	20 kB	346 kB	200.58.111.23
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	6.9 kB	14 kB	142.250.74.131
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.13.249.229
d1a3f4spazzrp4.cloudfront.net	unknown	2014-12-21T12:28:10Z	2023-03-10T21:57:59Z	442 B	17 kB	54.230.245.23
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.0 kB	2.1 kB	93.184.220.29
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	3.2 kB	3.1 kB	142.250.74.163
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.4 kB	6.2 kB	23.36.76.226
region1.google-analytics.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:09:18Z	677 B	447 B	216.239.34.36
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	60 kB	34.120.237.76
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	384 B	68 kB	142.250.74.40
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	700 B	2.0 kB	54.230.245.118
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	392 B	31 kB	142.250.74.138

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber
2023-02-07	medium	promouber-br.com/	Uber

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	promouber-br.com/	Phishing
2023-02-08	medium	promouber-br.com/uber_files/linkid.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/uwt.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/ec.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.578.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.651.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.627.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.v.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.590.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.876.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.756.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.871.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/analytics.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.557.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.44.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.872.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.830.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.727.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/mobile_availability_helper.6102e89d43feecbf9237d530a3c92cab.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/api.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.945.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/2593.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/conversion_async.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/fbevents.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/new-sign-up.8eb866e2a72b66f14840b403e8a8d8d2.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/jquery.9efaa9e14324dbbdaf1620efdacd6650.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.578.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.590.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.627.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.651.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/recaptcha__pt_br.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.756.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.830.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.871.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.872.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.876.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.945.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/utag.v.js.transferir	Phishing
2023-02-08	medium	promouber-br.com/uber_files/dest5.html	Phishing
2023-02-08	medium	promouber-br.com/uber_files/phone-format.0c78c7ac0e07a985c9f2f73cc6bca043.js.transferir	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (47)

	URL	Size	First Seen	Last Seen
	tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=uber/main/202302031548&cb=1675821960955	2 B	2023-03-07	2024-04-26
Pretty URL tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=uber/main/202302031548&cb=1675821960955 IP 2.18.173.203 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-26 21:47:15 Times Seen21821 Hash 7bc0ee636b3b83484fc3b9348863bd22 ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610 a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Loading...

	tags.tiqcdn.com/utag/uber/main/prod/utag.1509.js?utv=ut4.48.202302031549	9.5 kB	2023-03-12	2023-03-13
Pretty URL tags.tiqcdn.com/utag/uber/main/prod/utag.1509.js?utv=ut4.48.202302031549 IP 2.18.173.203 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:06:02 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 3d665ccc113e9037e5424f3bceae0792 d92837ab299ab426ceac64015413009ab1cc855f e406f31d93a5303f44553d0b4a1bb0978b7ed0bdc7ec3366018081f963d346e3 Loading...

	www.googletagmanager.com/gtag/js?id=DC-5525825&l=dataLayer&cx=c	114 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=DC-5525825&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 883e4738be54073fac1f2182b4f83392 9b582d7ced9bf6542dea5ff76d3a3fd0afee4c9a e04eaf73a06ce4636e4361332ba48f998ff7c4180d07d28520c46e587210d37c Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/303996578/?random=1675821961380&cv=11&fst=1675821961380&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4	1.9 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/303996578/?random=1675821961380&cv=11&fst=1675821961380&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.130 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 0968aead6b084466912091ea1fc659b5 1258da9acd3819037f03401b752bb26edac9721c e34da696f14bbb69e8f0251c1291255fa718d6398edf54bb1685dc7ba8b517a3 Loading...

	promouber-br.com/	103 B	2023-03-11	2023-03-13
Pretty URL promouber-br.com/ IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:42:28 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 8296095ab584a11e208675504a999d41 4dbfda00c8491468d1473ad08cc97658d113e1fa b7dbb5882ff40d4e79757065d5fb84de5e041633bf360dfc1b1762d9c2663c1c Loading...

	promouber-br.com/uber_files/jquery.9efaa9e14324dbbdaf1620efdacd6650.js.transferir	83 kB	2023-03-13	2023-03-13
Pretty URL promouber-br.com/uber_files/jquery.9efaa9e14324dbbdaf1620efdacd6650.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 40b06e054ed259a2da4f30199c338dae 80bc221880b21e109a372ba6ea52803efc6b0db7 e82043208fcdf38e192885bb302658b3ee80130193cc300e8fab0bb8967ad0e3 Loading...

	promouber-br.com/uber_files/phone-format.0c78c7ac0e07a985c9f2f73cc6bca043.js.transferir	387 kB	2023-03-13	2023-03-13
Pretty URL promouber-br.com/uber_files/phone-format.0c78c7ac0e07a985c9f2f73cc6bca043.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 40f6a94c45ecd7a6cdb6d1d5d43c6d42 03ac3739977b630b515e80bdbe89ee8914ceee47 d219502ea24dd659c537a385dad81c052edba523435c3c9936802fa901ba26ba Loading...

	tags.tiqcdn.com/utag/uber/main/prod/utag.1508.js?utv=ut4.48.202302031549	9.4 kB	2023-03-09	2023-03-13
Pretty URL tags.tiqcdn.com/utag/uber/main/prod/utag.1508.js?utv=ut4.48.202302031549 IP 2.18.173.203 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 21:28:17 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 3fdb50076f520ff772cf1b77f5c26b32 c2a4bed8d2c6c0fd5a52aa6c8dafafd8f1fa21aa e2cd6f49a0567b4a0a08036f5ecbca9190d57a704ade2725b2607325763bffc4 Loading...

	tags.tiqcdn.com/utag/uber/main/prod/utag.1810.js?utv=ut4.48.202302031549	18 kB	2023-03-13	2023-03-13
Pretty URL tags.tiqcdn.com/utag/uber/main/prod/utag.1810.js?utv=ut4.48.202302031549 IP 2.18.173.203 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash ed6acdad6dfcf205f19e3734b47efc5c 8ab57fda0c4b18fa7763fdb0ce75c72901482205 ea23779911505ce919a401777b5f72fb47cc30c391c5c92f6fcf32e7ed4b92bf Loading...

	www.googletagmanager.com/gtag/js?id=AW-303996578&l=dataLayer&cx=c	132 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-303996578&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 194df52870e2229a89ae4439a8bf6a70 cbc2ff2161713e903d8c939dacf37ca2d8eeb6d4 95b22b2c5d62638bb2e2bb933a071183c9940cc4e1d2b2eeb10ae880a0ccaea5 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js	84 kB	2023-03-07	2024-04-26
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-26 21:20:20 Times Seen13760 Hash e40ec2161fe7993196f23c8a07346306 afb90752e0a90c24b7f724faca86c5f3d15d1178 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4 Loading...

	promouber-br.com/uber_files/ec.js.transferir	2.8 kB	2023-03-07	2024-04-24
Pretty URL promouber-br.com/uber_files/ec.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 19:10:50 Times Seen1644 Hash 7b430c6350a59a7cf22b9adeccba327b b48d3c289bcb6809bb52fffd8f013055ed6bcd65 058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c Loading...

	promouber-br.com/uber_files/recaptcha__pt_br.js.transferir	245 kB	2023-03-13	2023-03-13
Pretty URL promouber-br.com/uber_files/recaptcha__pt_br.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 1f004434a932325b48ac727345c160ae da71555c03b5be4a0063bd3d89323fce3216f864 0d78e866fc25ae83d21bc787b405cfb9639a4ea6ae2ad59fe3163e6e79ca3a25 Loading...

	promouber-br.com/	58 B	2023-03-08	2024-02-10
Pretty URL promouber-br.com/ IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:38:09 Last Seen2024-02-10 01:24:22 Times Seen30 Hash 9c1939296e9b8389f79fc2cc5450febc 3603fd611a1c2d9874ad6f4df6d5fc69a93346ce 1d37bc02f4d2b8de87325c7aec348c92adb5a2607313d2345568e8723375db74 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/975102964/?random=1675821961175&cv=11&fst=1675821961175&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4	1.9 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/975102964/?random=1675821961175&cv=11&fst=1675821961175&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.130 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash af66b117f7a7017d6c6b7c29eb74d889 6386b170dee98ced5598be0ee0de5a77e6b11141 9e7acfe8b989e893dfb378d360e0dd39d81625121240b5c0354729c57f2c6a9e Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/856613572/?random=1675821961365&cv=11&fst=1675821961365&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4	1.9 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/856613572/?random=1675821961365&cv=11&fst=1675821961365&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.130 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash ba184842da9df76c4a679be33b7e987f 81e0150411310f39daadf04ee9500bdfc5567bdc dcdc90dbecbae082f3361ebe29a148ddab29c57231490ba22222994742542c6d Loading...

	promouber-br.com/	235 B	2023-03-11	2023-03-13
Pretty URL promouber-br.com/ IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:42:28 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 89bcecbe6ae21192308746d94d6264f3 d14d5d884e5ddb75e02076c9e92b43f2813dd99a b8c583ff056087ebf54fe01ac48bb05b8875a6b0676dc69f5a7ea86f6257581b Loading...

	promouber-br.com/uber_files/new-sign-up.8eb866e2a72b66f14840b403e8a8d8d2.js.transferir	71 kB	2023-03-13	2023-03-13
Pretty URL promouber-br.com/uber_files/new-sign-up.8eb866e2a72b66f14840b403e8a8d8d2.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash c256e6c40d20647f813765bb9181e40b 3ac30d904d681654788e4e553ab761b494ec5f4e d931c675a0a03bda3e0c49cf7aab8ac7be584d514aebcbdcc09920b984fcb0f3 Loading...

	tags.tiqcdn.com/utag/uber/main/prod/utag.1507.js?utv=ut4.48.202302031549	12 kB	2023-03-09	2023-03-13
Pretty URL tags.tiqcdn.com/utag/uber/main/prod/utag.1507.js?utv=ut4.48.202302031549 IP 2.18.173.203 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 21:28:17 Last Seen2023-03-13 19:23:34 Times Seen1 Hash e78ac67f20c3287c1b705723dd2326b5 5fc5a6403e348612fbf17358f1a7e3d9c08917e7 cb5a873bb66f2b3278b160a020287def45a1ba8952b140b875a633d68cf8d070 Loading...

	www.googletagmanager.com/gtag/js?id=AW-975102964	189 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-975102964 IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 1cc1637b700279c203f4482cfdf8f03d 12ff1de3c10b6ef1d9f2fc704872bc2d615b77e7 de0c323cd01e7948137fd4056c3bff542022f27a38b8918c967e7b83adede8ce Loading...

	www.googletagmanager.com/gtag/js?id=DC-5731039&l=dataLayer&cx=c	114 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=DC-5731039&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 3d017a7fcdb4dd10d7d20771b661d294 41d2367c062b846e492e3196392818f5befa1925 a584384d9190dbdf9d9dd752b430c3d3cd974c13bab27dd32bff2b07cc15314e Loading...

	www.googletagmanager.com/gtag/js?id=DC-8617315&l=dataLayer&cx=c	114 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=DC-8617315&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 6d479890bbf4ccad2c77f09230f72d9d e6c0fb90248096cbeec5eda41cf78356ba89daef c768045778e16ce2f61062739f12bf8fb5fa7a559681b34e9388a2d6ef6846f6 Loading...

	www.googletagmanager.com/gtag/js?id=G-XTGQLY6KPT&l=dataLayer&cx=c	225 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-XTGQLY6KPT&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash e221f8d6954818cad319add94261977e e5e3e800e0da7439c568efd2be8989455cc158c6 deeb0b0782abcd61c7df676e76994f4ad77ca5f5f0eb885b19e7b7a3e592575e Loading...

	promouber-br.com/uber_files/conversion_async.js.transferir	12 kB	2023-03-13	2023-03-13
Pretty URL promouber-br.com/uber_files/conversion_async.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 4d4fe13a5c4fb9759dc7dcbdeb632298 04080f9d6e8e4dc27bd2a5c226412a9a17e13735 341fabd4891d2b73b6b64f1867eeaaa7b1e4fbc24ff966f2a735853e03ab0264 Loading...

	promouber-br.com/uber_files/api.js.transferir	702 B	2023-03-13	2023-03-13
Pretty URL promouber-br.com/uber_files/api.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash fc1533fab9c0f9a89a12736ee1a66ed9 71bdbeba09eb958aab7b76ca456505c53bd20779 7a9ccb9df6740966ed03db0e35a4e2507e79375087ff436201dd91e823d5700a Loading...

	promouber-br.com/	418 B	2023-03-11	2023-03-13
Pretty URL promouber-br.com/ IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:42:28 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 0a0156333e2331b029c1d2c2a4007858 54391a8ccfc275017835252efc5e238ded0932e5 50a31c698ab17291a9de35058f3a3eec7edf6f31c1eaf3ea0dec48defce53ee1 Loading...

	promouber-br.com/uber_files/mobile_availability_helper.6102e89d43feecbf9237d530a3c92cab.js.transferir	2.4 kB	2023-03-13	2023-03-13
Pretty URL promouber-br.com/uber_files/mobile_availability_helper.6102e89d43feecbf9237d530a3c92cab.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 1ba3e68d0258d36cf4bbf73a30d5dad2 bb001cbfa1cecaafef7b84ff15ba06f12aa6b92f 1c54679e317506bba8ba635a3f74d9c8b5e2ce5415b95d1a1b735eef1d44eaaa Loading...

	tags.tiqcdn.com/utag/uber/main/prod/utag.1637.js?utv=ut4.48.202302031549	18 kB	2023-03-13	2023-03-13
Pretty URL tags.tiqcdn.com/utag/uber/main/prod/utag.1637.js?utv=ut4.48.202302031549 IP 2.18.173.203 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash a1ec24f47582608569fb66c0386ac73c cbbc34ef4a758de7016ec6be6a2df53bb3cdf9a5 55ad40aa01104d72b44bbe4be424eb95324cdb3a8b2bfecd40dc8ba62c1752f4 Loading...

	tags.tiqcdn.com/utag/uber/main/prod/utag.1786.js?utv=ut4.48.202302031549	12 kB	2023-03-09	2023-03-13
Pretty URL tags.tiqcdn.com/utag/uber/main/prod/utag.1786.js?utv=ut4.48.202302031549 IP 2.18.173.203 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 21:28:17 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 63c032c4e108a987c399ce6aa4edcafb 6201154ee4badeac1472b7563784bbe412a65f16 558d1d59430874f0ffd9affcb55213fe41766f9825126f740c8137ed2e6ab643 Loading...

	promouber-br.com/uber_files/dest5.html	6.9 kB	2023-03-11	2023-03-13
Pretty URL promouber-br.com/uber_files/dest5.html IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:42:28 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 09e2d481ff0375e5158a58eacd1fb6f6 35d1ee72be65f425d80c27d860cb05f4b14109c7 b5377bf98540e11b2f0245694444167c8748d9d940fb88ea6c4ea480b6eb11ba Loading...

	promouber-br.com/uber_files/linkid.js.transferir	1.6 kB	2023-03-07	2024-04-15
Pretty URL promouber-br.com/uber_files/linkid.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-15 19:01:06 Times Seen1974 Hash 0cc3a63fe10060af4a349e5df666eefe 3e8d3925b550345123f2cab26568221fd4154f9c 92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54 Loading...

	promouber-br.com/uber_files/fbevents.js.transferir	34 kB	2023-03-13	2023-03-13
Pretty URL promouber-br.com/uber_files/fbevents.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 87ce854ebde64cb648471e712f6c1e02 f4119a9a979d7e806615ec28f2d1f254423e5fbe 69d08d422e52f99c395ec6a4841c71f79ea2d56446aab357fc9689cd9686bc95 Loading...

	www.googletagmanager.com/gtag/js?id=UA-7157694-35&l=dataLayer&cx=c	113 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=UA-7157694-35&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 2693026cf3c8c7dce8f568ad21f78b38 92c6a19fcbe66f277edfb0f9421fd95f225ef49f 94180919ac158213f8bfc577f2447920f7fb409a7d2033f3f9be118da43f0f84 Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 22:05:34 Times Seen37102945 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	promouber-br.com/	253 B	2023-03-11	2023-03-13
Pretty URL promouber-br.com/ IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:42:28 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 5157ef86c0adb32bc3951d83f0ebcb5a e6aec291dcc4b676a0737bfb6b19c7b8d15a8f6c 980363c57028481f75038554749519cf3d4173553800aac3e4eadb692a6d6150 Loading...

	tags.tiqcdn.com/utag/uber/main/prod/utag.1555.js?utv=ut4.48.202302031549	8.0 kB	2023-03-09	2023-03-13
Pretty URL tags.tiqcdn.com/utag/uber/main/prod/utag.1555.js?utv=ut4.48.202302031549 IP 2.18.173.203 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 21:28:17 Last Seen2023-03-13 19:23:34 Times Seen1 Hash df56be96b8880ac37841e171adf5468d 929fb4efd45c476d8394d3ceb28d39733c817b3c 937e1b42d91107192aec0e95a68d3a4ce213449c4b2437f8feb2fbb70f4d6fde Loading...

	tags.tiqcdn.com/utag/uber/main/prod/utag.1480.js?utv=ut4.48.202302031549	14 kB	2023-03-13	2023-03-13
Pretty URL tags.tiqcdn.com/utag/uber/main/prod/utag.1480.js?utv=ut4.48.202302031549 IP 2.18.173.203 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash d5a01af3d27efa3250a048c8d020dcca 53abebf84ef856430108748883c7caee6612670f 6f10d551520c886429c62998dafd75e04b8327ac51cc01375302ab548ebdb9e7 Loading...

	www.googletagmanager.com/gtag/js?id=DC-8183467&l=dataLayer&cx=c	114 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=DC-8183467&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 362e91e3ec59dda8f947d6bc2e199621 e463ce4735dd14559d414805c5f513afb16de976 c63aa845351028eac464f15ae07c6cf86d5a21dc99141fa944a81baf89fdf663 Loading...

	promouber-br.com/uber_files/2593.js.transferir	10 kB	2023-03-13	2023-03-13
Pretty URL promouber-br.com/uber_files/2593.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 10976f1b1a9e38d54178f6aeba312060 83a919bbf1e0aee4e9feebc0f66f7b6d356df3c6 2e55c5f40888388c81413204cab46506b097ea51ae083a5aa0f5bd23302c0e3c Loading...

	promouber-br.com/uber_files/utag.44.js.transferir	23 kB	2023-03-13	2023-03-13
Pretty URL promouber-br.com/uber_files/utag.44.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 26c2204c4f0cecc89b45248494ebe019 abb9c98bb718ec315d703a0193d7eef1028c4011 435e82d0c171c53c8f931ab541d6942acc83b7b238cc0f33b45241f3600a7350 Loading...

	tags.tiqcdn.com/utag/uber/main/prod/utag.js	232 kB	2023-03-13	2023-03-13
Pretty URL tags.tiqcdn.com/utag/uber/main/prod/utag.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 3b1a81c8bc7b6bf623a7d3dfb05f7269 c597077e1e397b68a941d7cfc9bcfff69be1cf44 3d8903477d39fb89c1c2be5e69474268407f7dc08171eee94a8dcdd13d375ce8 Loading...

	tags.tiqcdn.com/utag/uber/main/prod/utag.1506.js?utv=ut4.48.202302031549	6.3 kB	2023-03-09	2023-03-13
Pretty URL tags.tiqcdn.com/utag/uber/main/prod/utag.1506.js?utv=ut4.48.202302031549 IP 2.18.173.203 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 21:28:17 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 7748bba104b781b3fdd7acd83c6ad0e3 4ffcb0b2c44698a7dfe14f23ba9751c090e4957c 47860c1319491e1e38567ec4db4b467252c86bf09d2aa11da343c8211292f959 Loading...

	connect.facebook.net/en_US/fbevents.js	109 kB	2023-03-13	2023-11-17
Pretty URL connect.facebook.net/en_US/fbevents.js IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:47:19 Last Seen2023-11-17 16:32:25 Times Seen5 Hash beca88e7d9125b63f58be285031b0930 08cda009ebdf601f0ffe06b0ee3065fff2fb105b c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/975102964/?random=1675821961183&cv=11&fst=1675821961183&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dpage_view&rfmt=3&fmt=4	1.9 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/975102964/?random=1675821961183&cv=11&fst=1675821961183&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dpage_view&rfmt=3&fmt=4 IP 142.250.74.130 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash 6d65cf706c24852033ab907361c46173 23f2e0a2c48c82008e57cf952a2c736b4a6fffd9 a48c7b0eab327d354509b838df08773117e7e83f68f092487a314981dd1c7d9a Loading...

	promouber-br.com/uber_files/analytics.js.transferir	30 kB	2023-03-11	2023-06-14
Pretty URL promouber-br.com/uber_files/analytics.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:48:16 Last Seen2023-06-14 20:07:32 Times Seen5 Hash d97e261f2f022e150f6c1ab87df1d6d7 3be0ab47728d8cf8eeed912b9d6afa7f1bb82663 765010cbfccaf06cb5b9166023a22b655a10b37075c91e276a5550c5ecd855ba Loading...

	promouber-br.com/uber_files/utag.557.js.transferir	2.9 kB	2023-03-13	2023-03-13
Pretty URL promouber-br.com/uber_files/utag.557.js.transferir IP 200.58.111.23 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:23:34 Last Seen2023-03-13 19:23:34 Times Seen1 Hash bf6477e4189ecc360600c403031e307d 4f6002af954a59b486ae82fa534e2e24af807ed2 92e7b3572bb3f8459cc7c24164302129eec6f22c430604a702279d7244da9bdd Loading...

HTTP Transactions (126)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14358
Expires: Wed, 08 Feb 2023 06:04:24 GMT
Date: Wed, 08 Feb 2023 02:05:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13025
Expires: Wed, 08 Feb 2023 05:42:11 GMT
Date: Wed, 08 Feb 2023 02:05:06 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 01:34:11 GMT
content-type: application/json
age: 1855
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8873
Expires: Wed, 08 Feb 2023 04:32:59 GMT
Date: Wed, 08 Feb 2023 02:05:06 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 9fIeBQPn2lF6yM9IGY+G7ikvFv/cB6+iOWb3FX9GR4HJTu4cpdoe7M4A8eRnmbPddyhu/s5xtLk=
x-amz-request-id: 253GMPCP35YPSCY3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 01:35:44 GMT
age: 1762
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 02:05:06 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 01:51:19 GMT
age: 827
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc1d233f69ae2256cc3c85df679065a1
e1f82f9aa96f0f7f1e44186a1472a6d77b87ba5d
8a93e3b345478785f73fba7476ce282273da62dec537cb8440d5950b31e5b323

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8A93E3B345478785F73FBA7476CE282273DA62DEC537CB8440D5950B31E5B323"
Last-Modified: Tue, 07 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 08 Feb 2023 08:05:06 GMT
Date: Wed, 08 Feb 2023 02:05:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11214
Expires: Wed, 08 Feb 2023 05:12:00 GMT
Date: Wed, 08 Feb 2023 02:05:06 GMT
Connection: keep-alive

promouber-br.com/

200.58.111.23

200 OK

6.8 kB

URL HTTP/2
promouber-br.com/
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1958)
Size
6.8 kB (6840 bytes)
Hash
7d00b55e2bf445f15d337d48c136b720
6c498adfe04ead3df36ac2070532cb3862a8cd2a
707b508754486d6c96a46f4b6e8987bdc8f557de33ef64a27be8f4ab5b356f1f

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "6d50-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 6840
content-type: text/html
date: Wed, 08 Feb 2023 02:05:06 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
325a8a10ce2837a8c6820e30572d181c
195d6189f0f10fcb301fce3af4c27028bbcb9eaa
2f1a0e948582fa64266617acc77e9beb71c5031d9cffe1bed1393a554f259810

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

52.13.249.229

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.13.249.229:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pT5PSwBVv89MOID0dZcHog==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: f5WBThEchLdSpABY9+D2Yx2Mj5E=

ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

142.250.74.138

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32061)
Size
30 kB (29671 bytes)
Hash
b90b3d2618cce9d766152cd3092b5c27
496339457cd00caab8118e2e1f30ea18dc05b9f4
b7b155aa8c6b5db28f9a6b41e88c96e9462c196c700add426f8ef32c9ce1ed41

HTTP Headers

GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 22:44:56 GMT
expires: Wed, 07 Feb 2024 22:44:56 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 12011
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
325a8a10ce2837a8c6820e30572d181c
195d6189f0f10fcb301fce3af4c27028bbcb9eaa
2f1a0e948582fa64266617acc77e9beb71c5031d9cffe1bed1393a554f259810

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

promouber-br.com/uber_files/linkid.js.transferir

200.58.111.23

200 OK

852 B

URL HTTP/2
promouber-br.com/uber_files/linkid.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (1335)
Size
852 B (852 bytes)
Hash
2c9c1e44353bad2e6b729ad8674710e4
d00b7ce9bc66f3e76a107ae6f137727fa5995791
c1968f88dfb5ce136d3362a784a98f1972ce3cac12f7c06a3d599e180257d0a0

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/linkid.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "621-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 852
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/new-sign-up.458a0c8ef6cc46b42de1ab885b9f5574.css

200.58.111.23

200 OK

2.4 kB

URL HTTP/2
promouber-br.com/uber_files/new-sign-up.458a0c8ef6cc46b42de1ab885b9f5574.css
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (9182), with no line terminators
Size
2.4 kB (2431 bytes)
Hash
e1a287aa8ba7f2611cab7d42b5a93156
1441eb8c3818e5be80c0f05486591ae9e5961229
ce06f48ae6ea6110bc8f3cde32d922d19ba2548e2125546d11b096a7f5e4890e

Detections

Analyzer	Verdict	Alert
openphish	Uber

HTTP Headers

GET /uber_files/new-sign-up.458a0c8ef6cc46b42de1ab885b9f5574.css HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "23de-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2431
content-type: text/css
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/superfine.css

200.58.111.23

200 OK

19 kB

URL HTTP/2
promouber-br.com/uber_files/superfine.css
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (65445)
Size
19 kB (18991 bytes)
Hash
d71d10bb35d04f284e2c9e2eaeeba1ed
bf7325a11feff443ef95135e97d87eae4b68b046
971534af2f862d1d7909f6fa8435da1a245d5dc9102302041f76764728c895c9

Detections

Analyzer	Verdict	Alert
openphish	Uber

HTTP Headers

GET /uber_files/superfine.css HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "1d8a6-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 18991
content-type: text/css
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/uwt.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/uwt.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/uwt.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/ec.js.transferir

200.58.111.23

200 OK

1.3 kB

URL HTTP/2
promouber-br.com/uber_files/ec.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (523)
Size
1.3 kB (1292 bytes)
Hash
a8e8bf3cc037dd861e63342a8f8a9f35
78a9a9e7240df05b7f7804fb960ab5cf410bee6a
3ed87ac15a9a6275c4982fdc15247cb4c0f924b072d47de037c31a3aacf70646

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/ec.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "adb-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1292
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.578.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.578.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.578.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.651.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.651.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.651.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.627.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.627.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.627.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.v.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.v.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.v.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.590.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.590.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.590.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.876.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.876.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.876.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.756.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.756.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.756.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.871.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.871.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.871.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/analytics.js.transferir

200.58.111.23

200 OK

12 kB

URL HTTP/2
promouber-br.com/uber_files/analytics.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (1618)
Size
12 kB (12358 bytes)
Hash
68e40bf3a67b2781593f420e1c3cd3f8
72a56c72ea0aefc973d6f340902c38a329b4eaff
2f39d04039e9a366c130816247c974202fb5dc06cd50376428d25b5893adfb5a

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/analytics.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "7577-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 12358
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.557.js.transferir

200.58.111.23

200 OK

1.4 kB

URL HTTP/2
promouber-br.com/uber_files/utag.557.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (1418)
Size
1.4 kB (1406 bytes)
Hash
9d84f140d32bee08c91e9bec95f233d1
03281935e4aa20f696d9722dd638efc9191728b2
bf3c0e88976bdac4ba968bf5c4c0ba6ab8bf5de5932878c57e6c4bd6cfde63f0

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.557.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "b27-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1406
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.44.js.transferir

200.58.111.23

200 OK

5.5 kB

URL HTTP/2
promouber-br.com/uber_files/utag.44.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (2227)
Size
5.5 kB (5497 bytes)
Hash
0d798b05e35b253d7edeb313c25dd9bd
56ad463ca6a29036d581208b4bd5abe8e0c99033
778b0601f0903747ac45201d91e1dbe9e87c1b1055860bf761686b2677261cfc

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.44.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "585c-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5497
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.872.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.872.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.872.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.830.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.830.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.830.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.727.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.727.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.727.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/mobile_availability_helper.6102e89d43feecbf9237d530a3c92cab.js.transferir

200.58.111.23

200 OK

936 B

URL HTTP/2
promouber-br.com/uber_files/mobile_availability_helper.6102e89d43feecbf9237d530a3c92cab.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (2344)
Size
936 B (936 bytes)
Hash
deb8740cd206cf177259f74cde1008b3
595efadd6e3c8f1a2938dee70a4a56881c409443
b71d5ffe62ffd6c1db0d356d96be3b96c8a72921623eaabf1e470530e2cade78

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/mobile_availability_helper.6102e89d43feecbf9237d530a3c92cab.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "985-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 936
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/api.js.transferir

200.58.111.23

200 OK

407 B

URL HTTP/2
promouber-br.com/uber_files/api.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (702), with no line terminators
Size
407 B (407 bytes)
Hash
fd80b7306b38138e62ebc30a899ceca0
cfc0b7d1453cd2c78c9724402c481ea3ef82397c
8d49280597ab8f48560d673351f8ae56805a2cf0e63d44286b5ab192f78648cc

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/api.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "2be-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 407
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.945.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.945.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.945.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/2593.js.transferir

200.58.111.23

200 OK

4.1 kB

URL HTTP/2
promouber-br.com/uber_files/2593.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
C source, ASCII text, with very long lines (10278), with no line terminators
Size
4.1 kB (4071 bytes)
Hash
47cfe865af73dfaf5cba65e22c446326
0433df70d396c0be435a83f0a6e7d37f416aa9fd
44f33edbd70e71289e6f785946f07ae77c1ebe8aa4858edd7f67b3369193a299

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/2593.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "2826-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4071
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/conversion_async.js.transferir

200.58.111.23

200 OK

4.8 kB

URL HTTP/2
promouber-br.com/uber_files/conversion_async.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (1719)
Size
4.8 kB (4770 bytes)
Hash
dcaa74faf2b636be0233bca4b292f651
f8e67a82bb9a0ec8cf3b26fe9d3e2ac2b693fc4b
e664392edea2a938c9b4fe3dc2f8132c28d3b6c2ed454f122069dc5df4dfd8f3

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/conversion_async.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "3084-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4770
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12728
Expires: Wed, 08 Feb 2023 05:37:16 GMT
Date: Wed, 08 Feb 2023 02:05:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12728
Expires: Wed, 08 Feb 2023 05:37:16 GMT
Date: Wed, 08 Feb 2023 02:05:08 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4269 bytes)
Hash
33b061f03be149fea0df63b42a8ec226
e5e491c6ef8b6234450a34ee5df28b9a58a8ad43
a5970bbb40be173878cd2e920bd1a6ed27775fbdc222bb66ccbc5969984882f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4269
x-amzn-requestid: df152b3a-fa15-4dac-96f9-41b9ea8e5136
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkQH5PoAMFl1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c481-63636a42419209fb0c17eceb;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0hu3nATq26ngjS5942rJgt7AcT4wjG0mFfNrtsajSN2PpdAOYhTjFg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:43:42 GMT
age: 15686
etag: "e5e491c6ef8b6234450a34ee5df28b9a58a8ad43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5416f10c-2a0c-46e5-a76b-853a2be4c374.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12216 bytes)
Hash
fe800d6af728cd622a6192ad5e7dda6a
3a301dd894fc428c7d1863c9d5eaf2652f5c2083
f4923c211ef24e933bbe73bd8d2033d6b6da4a9fa0c9d4699a1041a7bd8bf5a2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5416f10c-2a0c-46e5-a76b-853a2be4c374.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12216
x-amzn-requestid: cc61a63b-35fe-4bfa-ad20-1db3f4165446
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFrCIAMFoYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-2b5e27c62218510b74ea0989;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Cf13Lp2SFHQ4SSF6_KpC4zx339tZRkMmnmF-OKM_2hbWbIoR3OLJ_g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:50:49 GMT
age: 15259
etag: "3a301dd894fc428c7d1863c9d5eaf2652f5c2083"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13160 bytes)
Hash
003fc35e140a75a12b7795c3986426ec
da002b22e2a01f48a545b369d4403eabb17a10d5
bb0754411aa7d0a5036b86b282d0e93d13227765ca9ccaf3a34e8e486cb413d1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13160
x-amzn-requestid: 34aa6dfe-7f14-48d0-89b2-90548621be79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzVxSHh7IAMFjAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de033b-49587fff75aebe96136137be;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:03:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 81DTnHIh40lNEi6l5hC87Vo9R8k4w79Fr71zibyvGP0iJm4kmhWITA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 07:45:27 GMT
age: 65981
etag: "da002b22e2a01f48a545b369d4403eabb17a10d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10202 bytes)
Hash
f175de8eebe398f5de2829cd551b3f04
e6da63e9b03289bfded190d999a20da78232437c
b5d1ee4bd6186cbac1e4ac037766c9e453e166b0cfb2e08004cb11b8bb7daa88

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10202
x-amzn-requestid: 15e6c7ee-acef-4638-9a15-a01864ac74f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PEYFZOoAMFzEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c54f-3681217a71e5b9472b9cdb8a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PyOVGtKFSYIU2don5C7_L_pTUxdP_VEAhLZUhtBWo2PZ4kvPqaTg9g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:55:22 GMT
etag: "e6da63e9b03289bfded190d999a20da78232437c"
content-type: image/jpeg
age: 14986
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbee0b552-d236-4fa2-b702-1571b09d3fd6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6060 bytes)
Hash
db6e81972b8835dc48a0dae751ffde5f
826e2195cc52905cfed0bc4f01646290261113b6
720e6105b2ccc9cbc8fd005d53873ced5467a852c7a5041ce2ef96785c0d92f7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbee0b552-d236-4fa2-b702-1571b09d3fd6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6060
x-amzn-requestid: 80cbc454-e1b4-4e53-a3b6-3a5ac11920c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PPQEPNIAMFkqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c594-4539ebb17f27d88a47100a82;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:41:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WvujLqUMXZ4VAF2OePAIOdk96p6-GwwVcWEGORS2NKZ3XxgGIZHAww==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:55:15 GMT
age: 14993
etag: "826e2195cc52905cfed0bc4f01646290261113b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92b2ed55-154e-4ed7-a7ab-1418742cdf6e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7303 bytes)
Hash
7543be9bef0afb8f61344286b7136dd7
e1537aa408cde39d2a314cc2a14f7f7a04a84eb1
162f0898f88d84c8d06542e48e8ff6a903e638f2a837f32681ae1f5e28ae40d7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92b2ed55-154e-4ed7-a7ab-1418742cdf6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7303
x-amzn-requestid: 081c79e9-2b23-47ad-8b7d-7197c5515c0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f58kdHMvIAMFdzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a7b5-66fca524070e374310920915;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:09:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SU23ljJF5eIu0L9YNQOtZlwuMHs9Ri91iu2-YS9v2pNBA-pkJYU2SA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 07:26:40 GMT
age: 67108
etag: "e1537aa408cde39d2a314cc2a14f7f7a04a84eb1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

promouber-br.com/uber_files/fbevents.js.transferir

200.58.111.23

200 OK

11 kB

URL HTTP/2
promouber-br.com/uber_files/fbevents.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (30724)
Size
11 kB (11065 bytes)
Hash
280d405a79398a6e9dba6047f919a812
591da8abef6da15fc22d91b19b69b676f9dae799
6006b6ad38ef37c8c41b39938c41e74d590fadf9edb1399315099202f11ef21c

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/fbevents.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "865e-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 11065
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/new-sign-up.8eb866e2a72b66f14840b403e8a8d8d2.js.transferir

200.58.111.23

200 OK

24 kB

URL HTTP/2
promouber-br.com/uber_files/new-sign-up.8eb866e2a72b66f14840b403e8a8d8d2.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (32084), with escape sequences
Size
24 kB (24393 bytes)
Hash
baa7c1f9c48498c500325d42fb7107ff
c72d7a6dc91d28fa13b83922449757ec217162c6
d46f14c24798372ec16de9553e7bd4cf1cf6fbd981790f5ffd5ef369e0977586

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/new-sign-up.8eb866e2a72b66f14840b403e8a8d8d2.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "116cf-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 24393
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/jquery.9efaa9e14324dbbdaf1620efdacd6650.js.transferir

200.58.111.23

200 OK

30 kB

URL HTTP/2
promouber-br.com/uber_files/jquery.9efaa9e14324dbbdaf1620efdacd6650.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32002)
Size
30 kB (29565 bytes)
Hash
725ff2ef09e8a399240e70686a92c97f
3ca7a177105d1c2c2f9d09ade057a1c3ab747ece
4047921e4bc7f729bbee4d465f7254c645d0f00c9fc487ce553a0c76efcb1d09

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/jquery.9efaa9e14324dbbdaf1620efdacd6650.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "145e0-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 29565
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.578.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.578.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.578.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.590.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.590.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.590.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.627.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.627.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.627.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.651.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.651.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.651.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/recaptcha__pt_br.js.transferir

200.58.111.23

200 OK

77 kB

URL HTTP/2
promouber-br.com/uber_files/recaptcha__pt_br.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
data
Size
77 kB (76748 bytes)
Hash
659b2198160616c9b4c8c25dc1810672
5cb0c27b3f40ab54d0a8274accd8a2a4f8950dec
c6a86cc9398efae63c79cdf9f4d779fbda2cd1dc6fe9a1504effd59b89839e80

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/recaptcha__pt_br.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "3be66-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.756.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.756.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.756.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.830.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.830.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.830.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.871.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.871.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.871.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.872.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.872.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.872.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.876.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.876.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.876.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=uber/main/202302031548&cb=1675821960955

2.18.173.203

200 OK

2 B

URL HTTP/2
tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=uber/main/202302031548&cb=1675821960955
IP
2.18.173.203:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
7bc0ee636b3b83484fc3b9348863bd22
ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

HTTP Headers

GET /utag/tiqapp/utag.v.js?a=uber/main/202302031548&cb=1675821960955 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
content-length: 2
unused62: 8096267
cache-control: max-age=600
expires: Wed, 08 Feb 2023 02:15:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/uber/main/prod/utag.1637.js?utv=ut4.48.202302031549

2.18.173.203

200 OK

5.0 kB

URL HTTP/2
tags.tiqcdn.com/utag/uber/main/prod/utag.1637.js?utv=ut4.48.202302031549
IP
2.18.173.203:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1814)
Size
5.0 kB (5048 bytes)
Hash
4f8dfa8580ba4748cee4696bcb9eb769
7304ee37292ba5b703ae58bd8dcc63296c2de75c
ae214f57e21f23887d9192591fb9cf00d657eb08058d3715ca86ff652bb59c8f

HTTP Headers

GET /utag/uber/main/prod/utag.1637.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "a1ec24f47582608569fb66c0386ac73c:1665475010.455156"
last-modified: Tue, 11 Oct 2022 07:56:50 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 5048
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/uber/main/prod/utag.1480.js?utv=ut4.48.202302031549

2.18.173.203

200 OK

4.1 kB

URL HTTP/2
tags.tiqcdn.com/utag/uber/main/prod/utag.1480.js?utv=ut4.48.202302031549
IP
2.18.173.203:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (2966)
Size
4.1 kB (4143 bytes)
Hash
c13edd59bfa1b8f3dda2345ca1b4f764
05b45e8288ff748d011fcf6ea34f3245e02faa2f
81fea4eaf5e4e5adaf2bcd9f8997f9beb19b54de9be5ce68eccfcd5d6e95c9ea

HTTP Headers

GET /utag/uber/main/prod/utag.1480.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d5a01af3d27efa3250a048c8d020dcca:1646117996.531903"
last-modified: Tue, 01 Mar 2022 06:59:56 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 4143
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/uber/main/prod/utag.1506.js?utv=ut4.48.202302031549

2.18.173.203

200 OK

2.3 kB

URL HTTP/2
tags.tiqcdn.com/utag/uber/main/prod/utag.1506.js?utv=ut4.48.202302031549
IP
2.18.173.203:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1472)
Size
2.3 kB (2336 bytes)
Hash
b94d4cfa9b87b0268e9942ef596c7bd7
08b84edadea561433e99f9187a58442565291138
e8c33b96cf665c9908fb32a1882031053c6ab748272d15945d65c77233862ad8

HTTP Headers

GET /utag/uber/main/prod/utag.1506.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7748bba104b781b3fdd7acd83c6ad0e3:1645544836.126387"
last-modified: Tue, 22 Feb 2022 15:47:16 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 2336
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/uber/main/prod/utag.1507.js?utv=ut4.48.202302031549

2.18.173.203

200 OK

3.6 kB

URL HTTP/2
tags.tiqcdn.com/utag/uber/main/prod/utag.1507.js?utv=ut4.48.202302031549
IP
2.18.173.203:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (4440)
Size
3.6 kB (3637 bytes)
Hash
ed02ebdcfbbae2501744e82f7bc6497c
5f1ead8a5a21e7b8caf7746f2f55e23941933606
9ca962f0cd30897bcfac8393e9d2d4663ddbbf11e2a9018fb0c4b0e512fb8611

HTTP Headers

GET /utag/uber/main/prod/utag.1507.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "e78ac67f20c3287c1b705723dd2326b5:1660063652.178447"
last-modified: Tue, 09 Aug 2022 16:47:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 3637
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/uber/main/prod/utag.1508.js?utv=ut4.48.202302031549

2.18.173.203

200 OK

3.2 kB

URL HTTP/2
tags.tiqcdn.com/utag/uber/main/prod/utag.1508.js?utv=ut4.48.202302031549
IP
2.18.173.203:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (2208)
Size
3.2 kB (3209 bytes)
Hash
ccb52e7f4463caecb990e92f26e7788c
6a7106e16075fbb17f9f4536ee95947505cff5dd
4b54748a61b5d77fcd3f440bc3558eb4326d3adfde044396071364f0bc2c435c

HTTP Headers

GET /utag/uber/main/prod/utag.1508.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "3fdb50076f520ff772cf1b77f5c26b32:1660063651.325718"
last-modified: Tue, 09 Aug 2022 16:47:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 3209
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/uber/main/prod/utag.1509.js?utv=ut4.48.202302031549

2.18.173.203

200 OK

3.0 kB

URL HTTP/2
tags.tiqcdn.com/utag/uber/main/prod/utag.1509.js?utv=ut4.48.202302031549
IP
2.18.173.203:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (4628)
Size
3.0 kB (3010 bytes)
Hash
345bbfab47028c7016868b167204e5e8
ffdbceafda83adf8b8d5914430d9d544ea40e4a4
490d5d9ab63a6a5aadceeb6a06aa308647c1f19e5c603b1015fc6a7243975c9d

HTTP Headers

GET /utag/uber/main/prod/utag.1509.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "3d665ccc113e9037e5424f3bceae0792:1672820517.689664"
last-modified: Wed, 04 Jan 2023 08:21:57 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 3010
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/uber/main/prod/utag.1555.js?utv=ut4.48.202302031549

2.18.173.203

200 OK

2.8 kB

URL HTTP/2
tags.tiqcdn.com/utag/uber/main/prod/utag.1555.js?utv=ut4.48.202302031549
IP
2.18.173.203:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (3183)
Size
2.8 kB (2772 bytes)
Hash
4560a3d81e0dad85b6a153c77933e510
9bf1ce36a874490c9ae24fe9fb71aaf10c4780bb
155461edb1b96f16fa333eab4ed58ca43094acc6b41a7ab7e1988f64a23c1148

HTTP Headers

GET /utag/uber/main/prod/utag.1555.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "df56be96b8880ac37841e171adf5468d:1656584715.287255"
last-modified: Thu, 30 Jun 2022 10:25:15 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 2772
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/uber/main/prod/utag.1786.js?utv=ut4.48.202302031549

2.18.173.203

200 OK

3.8 kB

URL HTTP/2
tags.tiqcdn.com/utag/uber/main/prod/utag.1786.js?utv=ut4.48.202302031549
IP
2.18.173.203:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1756)
Size
3.8 kB (3788 bytes)
Hash
eea614dadaf45e198cc7e80963c3a141
e6f9413172b59b8b0b5d5b0ecc59ccb07213306e
e2cf6ffea5ee9d814ddb454470ada86c7a12f3644391a304be58d31b310056e1

HTTP Headers

GET /utag/uber/main/prod/utag.1786.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "63c032c4e108a987c399ce6aa4edcafb:1635493021.403615"
last-modified: Fri, 29 Oct 2021 07:37:01 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 3788
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/uber/main/prod/utag.1810.js?utv=ut4.48.202302031549

2.18.173.203

200 OK

4.7 kB

URL HTTP/2
tags.tiqcdn.com/utag/uber/main/prod/utag.1810.js?utv=ut4.48.202302031549
IP
2.18.173.203:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (6319)
Size
4.7 kB (4720 bytes)
Hash
9fa3de8b9da8db2a6b48a2389a12efa3
8737132217f1b2077e1df6775a3a178eabc82648
32c94da523dd7b1db56f85ed55b3043985dc333ca1e3ff073bb05e60ea4fbed4

HTTP Headers

GET /utag/uber/main/prod/utag.1810.js?utv=ut4.48.202302031549 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "ed6acdad6dfcf205f19e3734b47efc5c:1665748469.680643"
last-modified: Fri, 14 Oct 2022 11:54:29 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1296000
expires: Thu, 23 Feb 2023 02:05:08 GMT
date: Wed, 08 Feb 2023 02:05:08 GMT
content-length: 4720
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8d5417d247d259e3c0186136b83d9f75
49fbcf99a352669aee2559579ef73fa60f46d38d
3c013921158ec27e44d5e80a5108557de80a27f38089ac3a52c6c1cf5636f585

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=AW-975102964

142.250.74.40

200 OK

68 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=AW-975102964
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (6669)
Size
68 kB (67775 bytes)
Hash
e853e2537863dc82cdb0fd610d734e35
907d8bc5b88ed733c9287f98049bfe67bc484eb1
78e7a3ee085a03612fc55949b14be8496ade0c82fa885f5432d0a4d7fc49f6b2

HTTP Headers

GET /gtag/js?id=AW-975102964 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 02:05:08 GMT
expires: Wed, 08 Feb 2023 02:05:08 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 Feb 2023 00:41:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67775
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8d5417d247d259e3c0186136b83d9f75
49fbcf99a352669aee2559579ef73fa60f46d38d
3c013921158ec27e44d5e80a5108557de80a27f38089ac3a52c6c1cf5636f585

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

promouber-br.com/uber_files/utag.945.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.945.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.945.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/button_participar.png

200.58.111.23

200 OK

1.3 kB

URL HTTP/2
promouber-br.com/uber_files/button_participar.png
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
PNG image data, 320 x 34, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1290 bytes)
Hash
3e17c7c938c22beb82d58eb06ac60988
ea3d181a2d95351ee8925ef63144ec6ceb547c28
54fe85ee41790431f79b63a8ec8490c2d88f7c784f72cf5934cca36fd35f937f

Detections

Analyzer	Verdict	Alert
openphish	Uber

HTTP Headers

GET /uber_files/button_participar.png HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "50a-569af26a39000"
accept-ranges: bytes
content-length: 1290
content-type: image/png
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/utag.v.js.transferir

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/uber_files/utag.v.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/utag.v.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/dest5.html

200.58.111.23

200 OK

3.0 kB

URL HTTP/2
promouber-br.com/uber_files/dest5.html
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (635)
Size
3.0 kB (2963 bytes)
Hash
4664499d7646da9c6b2979e7b108a571
488b82119b74e668dd52084960fce237e79a4dc7
f3762f6de5239b715f419d2b0556f58d0c5d1fde695f5e96e0dd5629fd03a032

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/dest5.html HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "1c6e-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2963
content-type: text/html
date: Wed, 08 Feb 2023 02:05:08 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
177cacd66ff7c51373a073453845e0f4
a4c6ff1b670d6fbe72fb60f54a10c6113bcc9399
9818edf620387e3a2dd0f693e455fa8db939e94969e64b0001b6b1e72319e9b6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=129184
Date: Wed, 08 Feb 2023 02:05:09 GMT
Etag: "63e256ce-1d7"
Expires: Thu, 09 Feb 2023 13:58:13 GMT
Last-Modified: Tue, 07 Feb 2023 13:49:02 GMT
Server: ECS (nyb/1D1B)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: sjiRz5On-aB9k1Fv8VMYxvZyPumvLisIAPpL90RpRylZBCwkENjGNg==
Age: 551

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
177cacd66ff7c51373a073453845e0f4
a4c6ff1b670d6fbe72fb60f54a10c6113bcc9399
9818edf620387e3a2dd0f693e455fa8db939e94969e64b0001b6b1e72319e9b6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=129228
Date: Wed, 08 Feb 2023 02:05:09 GMT
Etag: "63e256ce-1d7"
Expires: Thu, 09 Feb 2023 13:58:57 GMT
Last-Modified: Tue, 07 Feb 2023 13:49:02 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lGDgwCppvJwOUmmJIwvFBYuk2wvw6K0V5cr5dg0M7b2_DKeNjx15HQ==
Age: 595

gtrk.s3.amazonaws.com/s?u=512593&t=rpqoi0

52.218.252.67

403 Forbidden

243 B

URL HTTP/1.1
gtrk.s3.amazonaws.com/s?u=512593&t=rpqoi0
IP
52.218.252.67:0
ASN
#16509 AMAZON-02

File type
XML 1.0 document text\012- XML document, ASCII text
Size
243 B (243 bytes)
Hash
3a385afd130b3bfa4cc4b531cf82c4ee
b70bc67105ed7032bc5558a2b04e3c7e1325dfd8
0db83b0b0aa56e7e06c557283f5c466406225283364e2692c2b203d93addec45

HTTP Headers

GET /s?u=512593&t=rpqoi0 HTTP/1.1
Host: gtrk.s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 403 Forbidden
x-amz-request-id: R0EZ6KCP6MQ2EZ6H
x-amz-id-2: 6RX4MqhFpkBszOpSxqwOKaTO8UYO1SO/cJWidfX0HfmtYmxLMijskawQvAU/e6txonDH3y0ijzY=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Wed, 08 Feb 2023 02:05:08 GMT
Server: AmazonS3

d1a3f4spazzrp4.cloudfront.net/chameleon/cms/uploads/2016/10/24/1477347860-pattern.png

54.230.245.23

200 OK

17 kB

URL HTTP/2
d1a3f4spazzrp4.cloudfront.net/chameleon/cms/uploads/2016/10/24/1477347860-pattern.png
IP
54.230.245.23:0
ASN
#16509 AMAZON-02

File type
PNG image data, 125 x 125, 8-bit/color RGB, non-interlaced\012- data
Size
17 kB (16922 bytes)
Hash
46c1ae1dd72137e7e701b895eec6e1f8
e02f6b53fb0f5c5d888a6ac474b816056919f4d1
c963a9aeac483dc22ef96c3d0ccf451119c0034fea99e0557ce1d12da80a0fa0

HTTP Headers

GET /chameleon/cms/uploads/2016/10/24/1477347860-pattern.png HTTP/1.1
Host: d1a3f4spazzrp4.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/png
content-length: 16922
date: Tue, 07 Feb 2023 03:54:05 GMT
last-modified: Mon, 24 Oct 2016 22:24:22 GMT
etag: "46c1ae1dd72137e7e701b895eec6e1f8"
x-amz-version-id: 7f3duUFAw.DLwbr82l4mbpxpe9jXiG6s
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Qjxm5v0A0L6_KysD6EjmYcksv2M9LtdXdp43R1erR1Onlo4_uIyFBg==
age: 79864
X-Firefox-Spdy: h2

promouber-br.com/uber_files/phone-format.0c78c7ac0e07a985c9f2f73cc6bca043.js.transferir

200.58.111.23

200 OK

125 kB

URL HTTP/2
promouber-br.com/uber_files/phone-format.0c78c7ac0e07a985c9f2f73cc6bca043.js.transferir
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
data
Size
125 kB (124966 bytes)
Hash
743686aa993a67778e09ca7e93f747d5
b1d3b191a1d9d48d4e0e034f199ace1610e113c5
f48e46db3bddf63f9bbee242d3a272420a06dd579f71fa4d91e1153221e49992

Detections

Analyzer	Verdict	Alert
openphish	Uber
fortinet	Phishing

HTTP Headers

GET /uber_files/phone-format.0c78c7ac0e07a985c9f2f73cc6bca043.js.transferir HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "5e942-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.46

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Wed, 08 Feb 2023 01:45:20 GMT
expires: Wed, 08 Feb 2023 03:45:20 GMT
cache-control: public, max-age=7200
age: 1189
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google-analytics.com/collect?v=1&_v=j56&aip=1&a=1134420615&t=event&_s=2&dl=https%3A%2F%2Fpromouber-br.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=candy.view&ea=signup&_u=6GBAAUABI~&jid=&gjid=&cid=1497242055.1675821961&tid=UA-7157694-35&_gid=1533917307.1675821961&cd99=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&gtm=457e3260&did=dYmQxMT&gdid=dYmQxMT&z=1965041157

142.250.74.46

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&_v=j56&aip=1&a=1134420615&t=event&_s=2&dl=https%3A%2F%2Fpromouber-br.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=candy.view&ea=signup&_u=6GBAAUABI~&jid=&gjid=&cid=1497242055.1675821961&tid=UA-7157694-35&_gid=1533917307.1675821961&cd99=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&gtm=457e3260&did=dYmQxMT&gdid=dYmQxMT&z=1965041157
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&_v=j56&aip=1&a=1134420615&t=event&_s=2&dl=https%3A%2F%2Fpromouber-br.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=candy.view&ea=signup&_u=6GBAAUABI~&jid=&gjid=&cid=1497242055.1675821961&tid=UA-7157694-35&_gid=1533917307.1675821961&cd99=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&gtm=457e3260&did=dYmQxMT&gdid=dYmQxMT&z=1965041157 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Wed, 08 Feb 2023 00:10:49 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 6860
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c0251492cae08969a77cc1f8b4fa25e5
110161e230f81ac3a954dc1d5114c7401c1ecd93
6483e465b117e6af3950e659d8692acc4bb38f60c7dc312ec8c6824ac5f000ba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2987
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Last-Modified: Wed, 08 Feb 2023 01:15:22 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ddbcc8409304b59c7d2faa53ed360fb5
98746db490891a3e5aa21f3dff58438d0c7795d5
b0ffc1ea39f25451920b84f09d650c564bd412bca0e2db72d99e736e385a176d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/r/collect?v=1&_v=j56&aip=1&a=1134420615&t=pageview&_s=1&dl=https%3A%2F%2Fpromouber-br.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBAAUABI~&jid=44996711&gjid=2063319935&cid=1497242055.1675821961&tid=UA-7157694-35&_gid=1533917307.1675821961&_r=1&cd99=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&gtm=457e3260&did=dYmQxMT&gdid=dYmQxMT&z=620442391

142.250.74.46

302 Found

417 B

URL HTTP/2
www.google-analytics.com/r/collect?v=1&_v=j56&aip=1&a=1134420615&t=pageview&_s=1&dl=https%3A%2F%2Fpromouber-br.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBAAUABI~&jid=44996711&gjid=2063319935&cid=1497242055.1675821961&tid=UA-7157694-35&_gid=1533917307.1675821961&_r=1&cd99=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&gtm=457e3260&did=dYmQxMT&gdid=dYmQxMT&z=620442391
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
417 B (417 bytes)
Hash
dfd7e22eaf1ed5d0cebd8e3f38d42c0f
d7441a6f05da027efef57c099bf4f7fdd6494dcd
05e37b2ad5c7db4395b702a2fe8c8253fc3254d4bd6faf3ccb2738881416cb17

HTTP Headers

GET /r/collect?v=1&_v=j56&aip=1&a=1134420615&t=pageview&_s=1&dl=https%3A%2F%2Fpromouber-br.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBAAUABI~&jid=44996711&gjid=2063319935&cid=1497242055.1675821961&tid=UA-7157694-35&_gid=1533917307.1675821961&_r=1&cd99=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&gtm=457e3260&did=dYmQxMT&gdid=dYmQxMT&z=620442391 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_gid=1533917307.1675821961&gjid=2063319935&_v=j56&z=620442391
access-control-allow-origin: *
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 417
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3f3962ef574ee0069c41f7cbcabd1ef3
c4b6aefa8563432c5e5901488c38ae7da3c83fd7
9518b917cc6f0b1724d687d6aac4d8c1851d46949eeb4926acdb26a84728fdc0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.facebook.net/en_US/fbevents.js

31.13.72.12

200 OK

28 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
28 kB (27843 bytes)
Hash
dd1f85cc598419df61e254e53f9ec1ef
f86c0ee563f5b7a01e1d40b566f2bc184a32380f
c06f52b233c835b03292f39cb847507a03bb971066bf91341b58a580244398c0

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: lIu9Ce81MoFpzW/VWnl4RhggL8OFdkEv2Ur/WLS/NC3S7tBdq9AMrU6Dv0qCPPyEGmaxMj1BNK+HhM5rEnjn/Q==
content-length: 27843
x-fb-trip-id: 1904183273
date: Wed, 08 Feb 2023 02:05:09 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ddbcc8409304b59c7d2faa53ed360fb5
98746db490891a3e5aa21f3dff58438d0c7795d5
b0ffc1ea39f25451920b84f09d650c564bd412bca0e2db72d99e736e385a176d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/303996578/?random=1675821961380&cv=11&fst=1675821961380&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.130

200 OK

883 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/303996578/?random=1675821961380&cv=11&fst=1675821961380&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1867), with no line terminators
Size
883 B (883 bytes)
Hash
256f06d7d93a65d7b415a5932deb0ad0
70cc43bf4bc3a16828cde30e5107d4d763a414ef
7590bb8b48351dca049287683a44f754def0146d7c472636b92b2e9ec52af2ad

HTTP Headers

GET /pagead/viewthroughconversion/303996578/?random=1675821961380&cv=11&fst=1675821961380&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 883
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 02:20:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/975102964/?random=1675821961183&cv=11&fst=1675821961183&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dpage_view&rfmt=3&fmt=4

142.250.74.130

200 OK

883 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975102964/?random=1675821961183&cv=11&fst=1675821961183&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dpage_view&rfmt=3&fmt=4
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1863), with no line terminators
Size
883 B (883 bytes)
Hash
d14f6b456a68446f11a2746967fd6f5f
bff405e1011ceeec44316b8f505668a9576c87e3
2a2e0a1a07c9ba0a76cfed614059b645d47d9c18894f31950e57b298a517b142

HTTP Headers

GET /pagead/viewthroughconversion/975102964/?random=1675821961183&cv=11&fst=1675821961183&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dpage_view&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 883
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 02:20:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ddbcc8409304b59c7d2faa53ed360fb5
98746db490891a3e5aa21f3dff58438d0c7795d5
b0ffc1ea39f25451920b84f09d650c564bd412bca0e2db72d99e736e385a176d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/recaptcha/api2/r20170727143628/recaptcha__pt_br.js

142.250.74.35

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/api2/r20170727143628/recaptcha__pt_br.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1611 bytes)
Hash
eb4b3e7d092624b03a15f7ed64f96a6e
bb63cb1d1b72957ce4b35bb4a8019ed776e4bd50
bddb1920e804f32667a40050b8937ff65f2ec14bd13fed92f9fb427ed168fd5b

HTTP Headers

GET /recaptcha/api2/r20170727143628/recaptcha__pt_br.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 02:05:09 GMT
server: sffe
content-length: 1611
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c0251492cae08969a77cc1f8b4fa25e5
110161e230f81ac3a954dc1d5114c7401c1ecd93
6483e465b117e6af3950e659d8692acc4bb38f60c7dc312ec8c6824ac5f000ba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2987
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Last-Modified: Wed, 08 Feb 2023 01:15:22 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

googleads.g.doubleclick.net/pagead/viewthroughconversion/975102964/?random=1675821961175&cv=11&fst=1675821961175&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.130

200 OK

885 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975102964/?random=1675821961175&cv=11&fst=1675821961175&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1867), with no line terminators
Size
885 B (885 bytes)
Hash
304d8865fda7bb9aa1f624257ec706b2
5133641f5e2bd7efee8cabddbcbf423f57c2b214
032ff28d86b44250369af12afe938a9618adffbfd84467d3ada14e9dd4cf6445

HTTP Headers

GET /pagead/viewthroughconversion/975102964/?random=1675821961175&cv=11&fst=1675821961175&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 885
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 02:20:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/856613572/?random=1675821961365&cv=11&fst=1675821961365&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.130

200 OK

884 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/856613572/?random=1675821961365&cv=11&fst=1675821961365&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1867), with no line terminators
Size
884 B (884 bytes)
Hash
766d4d363a09f6de172fc4a8dbe0c0cb
e30dc8637bbe86abb1f0d61cf346333e201a6ea4
864ea40de24715231a054ec6c532dbdddc6f8dd6b3e9de7dd6ca6c6c1293b410

HTTP Headers

GET /pagead/viewthroughconversion/856613572/?random=1675821961365&cv=11&fst=1675821961365&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&did=dYmQxMT&gdid=dYmQxMT&auid=390928720.1675821961&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 884
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 02:20:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7ec32dff957003dae195c36ca9e3bd6c
6761a20819b0d5a48216d74782e3ea752af7257a
953a3a2d35250df7b506b42f7d1d8813301dd1f9f9bcc30d2d100bd0788e4c76

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_gid=1533917307.1675821961&gjid=2063319935&_v=j56&z=620442391

64.233.165.155

302 Found

364 B

URL HTTP/2
stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_gid=1533917307.1675821961&gjid=2063319935&_v=j56&z=620442391
IP
64.233.165.155:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
364 B (364 bytes)
Hash
100bd23a9799b3529efe97dd07a3f6d0
e532aae685a7ff965a2bdd900fb07396361c9560
00684884a89aa1ccb16c4b4e4028cd528f106bbb24157bb0134998d918117353

HTTP Headers

GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_gid=1533917307.1675821961&gjid=2063319935&_v=j56&z=620442391 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promouber-br.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391
access-control-allow-origin: *
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 364
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ddbcc8409304b59c7d2faa53ed360fb5
98746db490891a3e5aa21f3dff58438d0c7795d5
b0ffc1ea39f25451920b84f09d650c564bd412bca0e2db72d99e736e385a176d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2ccbef7dcf1b1d32956833f5127c1ad5
af220576c82f064130ee7bfa3ea966d033e51707
f6eceec81f5b6deb7005fa9f3855ecb54e4bd6b3159c705decf0921e3a49067d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2ccbef7dcf1b1d32956833f5127c1ad5
af220576c82f064130ee7bfa3ea966d033e51707
f6eceec81f5b6deb7005fa9f3855ecb54e4bd6b3159c705decf0921e3a49067d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-user-list/975102964/?random=1675821961183&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3964270785&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/975102964/?random=1675821961183&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3964270785&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/975102964/?random=1675821961183&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3964270785&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/975102964/?random=1675821961175&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729561907&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/975102964/?random=1675821961175&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729561907&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/975102964/?random=1675821961175&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729561907&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5bcb9125c18e4ed3562ceb950dc6eaad
a6c6944804b772de3a487723e3e866c0219de230
94947430d745a6648a2e87f163bf474b4fd4513519360bf4bfecfabc141e5ff1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-user-list/856613572/?random=1675821961365&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3872595851&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/856613572/?random=1675821961365&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3872595851&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/856613572/?random=1675821961365&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3872595851&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

promouber-br.com/favicon.ico

200.58.111.23

404 Not Found

196 B

URL HTTP/2
promouber-br.com/favicon.ico
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Uber

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Cookie: _ceg.s=rpqoi0; _ceg.u=rpqoi0; utag_main=v_id:01862ec5cea30009e070bee1f56100050001900900918$_sn:1$_se:2$_ss:0$_st:1675823760955$ses_id:1675821960868%3Bexp-session$_pn:1%3Bexp-session$segment:b$optimizely_segment:b; segmentCookie=a; utag_geo_code=PT; CONSENTMGR=c1:1%7Cc2:1%7Cc3:1%7Cc4:1%7Cc5:1%7Cc6:1%7Cc7:1%7Cc8:1%7Cc9:1%7Cc10:1%7Cc11:1%7Cc12:1%7Cc13:1%7Cc14:1%7Cc15:1%7Cts:1675821960951%7Cconsent:true; _gcl_au=1.1.390928720.1675821961; _ga=GA1.1.1497242055.1675821961; _gid=GA1.2.1533917307.1675821961; _gat_gtag_UA_7157694_35=1; _ga_XTGQLY6KPT=GS1.1.1675821961.1.0.1675821961.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Feb 2023 02:05:09 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3f3962ef574ee0069c41f7cbcabd1ef3
c4b6aefa8563432c5e5901488c38ae7da3c83fd7
9518b917cc6f0b1724d687d6aac4d8c1851d46949eeb4926acdb26a84728fdc0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-user-list/303996578/?random=1675821961380&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3277722831&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/303996578/?random=1675821961380&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3277722831&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/303996578/?random=1675821961380&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3277722831&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5bcb9125c18e4ed3562ceb950dc6eaad
a6c6944804b772de3a487723e3e866c0219de230
94947430d745a6648a2e87f163bf474b4fd4513519360bf4bfecfabc141e5ff1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/pagead/1p-user-list/975102964/?random=1675821961175&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729561907&rmt_tld=0&ipr=y

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/975102964/?random=1675821961175&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729561907&rmt_tld=0&ipr=y
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/975102964/?random=1675821961175&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729561907&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/856613572/?random=1675821961365&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3872595851&rmt_tld=0&ipr=y

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/856613572/?random=1675821961365&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3872595851&rmt_tld=0&ipr=y
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/856613572/?random=1675821961365&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3872595851&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391

142.250.74.164

302 Found

0 B

URL HTTP/2
www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promouber-br.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391&slf_rd=1&random=3066914601
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5bcb9125c18e4ed3562ceb950dc6eaad
a6c6944804b772de3a487723e3e866c0219de230
94947430d745a6648a2e87f163bf474b4fd4513519360bf4bfecfabc141e5ff1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5bcb9125c18e4ed3562ceb950dc6eaad
a6c6944804b772de3a487723e3e866c0219de230
94947430d745a6648a2e87f163bf474b4fd4513519360bf4bfecfabc141e5ff1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7ec32dff957003dae195c36ca9e3bd6c
6761a20819b0d5a48216d74782e3ea752af7257a
953a3a2d35250df7b506b42f7d1d8813301dd1f9f9bcc30d2d100bd0788e4c76

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/pagead/1p-user-list/303996578/?random=1675821961380&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3277722831&rmt_tld=0&ipr=y

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/303996578/?random=1675821961380&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3277722831&rmt_tld=0&ipr=y
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/303996578/?random=1675821961380&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3277722831&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
912dbdfd52f101d5fff4e445f67aaafe
bb02da32f3fd94f89d29dd5712142a6c63eb11a6
31c1af8e7bf33123c5f93104b9b0b9780712824dfe3636f80d8c4a5af6573816

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5581
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Last-Modified: Wed, 08 Feb 2023 00:32:08 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314

www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391&slf_rd=1&random=3066914601

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391&slf_rd=1&random=3066914601
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-7157694-35&cid=1497242055.1675821961&jid=44996711&_v=j56&z=620442391&slf_rd=1&random=3066914601 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promouber-br.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2ccbef7dcf1b1d32956833f5127c1ad5
af220576c82f064130ee7bfa3ea966d033e51707
f6eceec81f5b6deb7005fa9f3855ecb54e4bd6b3159c705decf0921e3a49067d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ed3f32fef9b843f5511bb882c0a38358
a1a60921f7cb6ab14b645c77bb7d77c20b8201ef
9a4b9e269aa66258c1d9b10fb1af899a3e669de3e244dcfd843a0bce87646f8e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 02:05:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/pagead/1p-user-list/975102964/?random=1675821961183&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3964270785&rmt_tld=0&ipr=y

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/975102964/?random=1675821961183&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3964270785&rmt_tld=0&ipr=y
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/975102964/?random=1675821961183&cv=11&fst=1675821600000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fpromouber-br.com%2F&tiba=Uber%20%7C%20Promo%C3%A7%C3%A3o&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3964270785&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nv9w7&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&_rnd=0.09373584148357617

104.244.42.3

200 OK

43 B

URL HTTP/2
analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nv9w7&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&_rnd=0.09373584148357617
IP
104.244.42.3:0
ASN
#13414 TWITTER

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

HTTP Headers

GET /i/adsct?p_id=Twitter&p_user_id=0&txn_id=nv9w7&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&_rnd=0.09373584148357617 HTTP/1.1
Host: analytics.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 02:05:09 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_yq4Vbw4NY3nJFdpivVN+tA=="; Max-Age=63072000; Expires=Fri, 07 Feb 2025 02:05:09 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: ad088e22ecf3afd1
strict-transport-security: max-age=631138519
x-response-time: 104
x-connection-hash: 5beb6cafaae177c1589b64804f47ca3b0af62e24f05a074c5a2e9aeb169c18e0
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-XTGQLY6KPT&gtm=45je3260&_p=1134420615&gdid=dYmQxMT&cid=1497242055.1675821961&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675821961&sct=1&seg=0&dl=https%3A%2F%2Fpromouber-br.com%2F&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&en=page_view&_fv=1&_ss=2&_ee=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-XTGQLY6KPT&gtm=45je3260&_p=1134420615&gdid=dYmQxMT&cid=1497242055.1675821961&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675821961&sct=1&seg=0&dl=https%3A%2F%2Fpromouber-br.com%2F&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&en=page_view&_fv=1&_ss=2&_ee=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-XTGQLY6KPT&gtm=45je3260&_p=1134420615&gdid=dYmQxMT&cid=1497242055.1675821961&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675821961&sct=1&seg=0&dl=https%3A%2F%2Fpromouber-br.com%2F&dt=Uber%20%7C%20Promo%C3%A7%C3%A3o&en=page_view&_fv=1&_ss=2&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://promouber-br.com
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://promouber-br.com
date: Wed, 08 Feb 2023 02:05:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

promouber-br.com/uber_files/superfine(1).css

200.58.111.23

200 OK

0 B

URL HTTP/2
promouber-br.com/uber_files/superfine(1).css
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Uber

HTTP Headers

GET /uber_files/superfine(1).css HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "3476a-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

promouber-br.com/uber_files/uber-icons.css

200.58.111.23

200 OK

0 B

URL HTTP/2
promouber-br.com/uber_files/uber-icons.css
IP
200.58.111.23:0
ASN
#27823 Dattatec.com

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Uber

HTTP Headers

GET /uber_files/uber-icons.css HTTP/1.1
Host: promouber-br.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promouber-br.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 12 Apr 2018 23:31:12 GMT
etag: "1a3d8-569af26a39000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Wed, 08 Feb 2023 02:05:07 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (47)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML