login.gardengreebrasil.com
Open in
urlscan Pro
77.91.77.99
Malicious Activity!
Public Scan
Submission: On July 12 via api from US — Scanned from CA
Summary
TLS certificate: Issued by E5 on July 12th 2024. Valid for: 3 months.
This is the only time login.gardengreebrasil.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AOL (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
15 | 77.91.77.99 77.91.77.99 | 216319 (SUNHOST-AS) (SUNHOST-AS) | |
1 | 2001:4998:60:... 2001:4998:60:807::1 | 14196 (YAHOO-CHA) (YAHOO-CHA) | |
1 | 2001:4998:58:... 2001:4998:58:207::6000 | 26101 (YAHOO-BF1) (YAHOO-BF1) | |
19 | 4 |
ASN216319 (SUNHOST-AS, GB)
login.gardengreebrasil.com | |
s.cuentosis.com | |
consent.cmp.beinthemomentphoto.com | |
3p-udc.5onthetop.com | |
guce.gardengreebrasil.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
cuentosis.com
s.cuentosis.com |
1 MB |
2 |
gardengreebrasil.com
login.gardengreebrasil.com guce.gardengreebrasil.com |
28 KB |
1 |
yahoo.com
csp.yahoo.com — Cisco Umbrella Rank: 12857 |
441 B |
1 |
yahoo.net
gpt.mail.yahoo.net — Cisco Umbrella Rank: 5130 |
|
1 |
5onthetop.com
3p-udc.5onthetop.com |
712 B |
1 |
beinthemomentphoto.com
consent.cmp.beinthemomentphoto.com |
181 KB |
0 |
example.com
Failed
opus.example.com Failed |
|
19 | 7 |
Domain | Requested by | |
---|---|---|
11 | s.cuentosis.com |
login.gardengreebrasil.com
s.cuentosis.com |
1 | csp.yahoo.com |
login.gardengreebrasil.com
|
1 | gpt.mail.yahoo.net |
s.cuentosis.com
|
1 | guce.gardengreebrasil.com |
consent.cmp.beinthemomentphoto.com
|
1 | 3p-udc.5onthetop.com |
s.cuentosis.com
|
1 | consent.cmp.beinthemomentphoto.com |
login.gardengreebrasil.com
|
1 | login.gardengreebrasil.com |
s.cuentosis.com
|
0 | opus.example.com Failed |
login.gardengreebrasil.com
|
19 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.aol.ca |
help.gardengreebrasil.com |
legal.5onthetop.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
gardengreebrasil.com E5 |
2024-07-12 - 2024-10-10 |
3 months | crt.sh |
cuentosis.com E5 |
2024-07-12 - 2024-10-10 |
3 months | crt.sh |
beinthemomentphoto.com E5 |
2024-07-12 - 2024-10-10 |
3 months | crt.sh |
5onthetop.com E6 |
2024-07-12 - 2024-10-10 |
3 months | crt.sh |
jp.techcrunch.com DigiCert SHA2 High Assurance Server CA |
2024-05-09 - 2024-08-07 |
3 months | crt.sh |
yahoo.com DigiCert SHA2 High Assurance Server CA |
2024-02-20 - 2024-08-14 |
6 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://login.gardengreebrasil.com/
Frame ID: AF2B2BB02070B8B99A6D12443C24461F
Requests: 19 HTTP requests in this frame
Frame:
https://gpt.mail.yahoo.net/sandbox?client=aolLogin&version=0.1&limited=0&headerBidder=1&haq=1&benji=1
Frame ID: 52D5A38F987239261A20FE9FFC3EAF66
Requests: 1 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Title: Terms
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
login.gardengreebrasil.com/ |
69 KB 28 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aol-main.css
s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/ |
702 KB 703 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rapid-3.53.39.js
s.cuentosis.com/ss/ |
50 KB 50 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aol-logo-black-v.0.0.2.png
s.cuentosis.com/wm/assets/images/ns/ |
16 KB 16 KB |
Image
image/x-png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aol-logo-white-v0.0.4.png
s.cuentosis.com/wm/assets/images/ybar/ |
4 KB 4 KB |
Image
image/x-png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle.js
s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/ |
191 KB 192 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cmp.js
consent.cmp.beinthemomentphoto.com/ |
180 KB 181 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
opus.js
opus.example.com/tag/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Yahoo_Sans-Regular.woff2
s.cuentosis.com/cv/ae/sports/fonts/2017/ |
28 KB 28 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 5 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
checkbox-unchecked.svg
s.cuentosis.com/wm/mbr/images/ |
733 B 977 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Yahoo_Sans-Semibold.woff2
s.cuentosis.com/cv/ae/sports/fonts/2017/ |
28 KB 29 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Yahoo_Sans-Medium.woff2
s.cuentosis.com/cv/ae/sports/fonts/2017/ |
29 KB 29 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
yql
3p-udc.5onthetop.com/v2/public/ |
0 712 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
consentRecord
guce.gardengreebrasil.com/v1/ |
140 B 407 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sandbox
gpt.mail.yahoo.net/ Frame 52D5 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
csp
csp.yahoo.com/beacon/ |
0 441 B |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aol-favicon.png
s.cuentosis.com/wm/login/ |
706 B 947 B |
Other
image/x-png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aol-favicon.png
s.cuentosis.com/wm/login/ |
706 B 947 B |
Other
image/x-png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
logads
login.gardengreebrasil.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- opus.example.com
- URL
- https://opus.example.com/tag/opus.js
- Domain
- login.gardengreebrasil.com
- URL
- https://login.gardengreebrasil.com/logads?adType=gam&delay=timeout&spid=160500005
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AOL (Online)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 function| base64ToBuf number| passfield_int number| activity_monitor number| pageStartTime boolean| isGoodJS object| YUI_config object| I13N_config string| COMET_URL string| gamIframeUrl object| challenge string| currentURL object| COUNTRY_CODES_MAP function| mbrSendError object| YAHOO object| rapidInstance object| jsModules boolean| mbrJSLoaded function| checkAssets function| __uspapi function| __tcfapi function| __gpp_addFrame function| __gpp_stub function| __gpp_msghandler function| __gpp number| lastApvTime8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.login.gardengreebrasil.com/ | Name: AS Value: v=1&s=vnZ6c0YP&d=A669304ef|5RfTg53.2Soge5A2KtkPb_E5mc6vMHiXOUDS9.GCWReC2gAEQORRRJWM0gxXagxZ_hNUxrx2b1q3qzRDoeL5W0Wld6lbTHFAUokazasJzwaWgWmAkWxhJ3Jpe8a31MI.a24x6Rtd8wsbGn_IxsgcB8_2igaz.bIQrtMSG_4YE9kCdsf5JJnWI7pJQ4EJ5_bzDWYsc_aVf6YHutuOQt5e1jB09CcJZwQbaH7ZGjZVY16Yfk0kkgbjXfjtBS2GgOuuVX7AfD3NVDM_.tkPN1s.U5k3iU3rKNao3VoYG.ntieQe2vqwEAvYaoelepIXahe4qFQP4YlngGYlbW_Pj7Fqyl9IGR6xolMQxmgJEM45.fBvnl1.BgtP1LiI.YxCq1JJPts6PddNgRSpxjXmUlKNxpFLwZmLjgGxBXY0NfsJ_Nv1iE8dKhAO9V7OPqb.NFib7NesYtvdhtK5gm482qlEXiRo9p2F7Hp0qSjF447s8cNG2XRwv1PY5CAjRLYE7v2nteesED8efCqXg4DuyXcCLcDw1muxIQXvhwtxDhLmT2VXpVRGaZWQtqt8PwMqoby.B06SxTIZh53GWv1rP6Wg_ga9igs2nqu6pJlAFvXtDsJvRb3cXhnNq4th5FDhf.4ONCZErDYtqf3IsxmfOXXeVfdeTNQ5iv5LbLXmFMPgswkONyWLa8s0L5KRHQCLpr8VtBXtOZ.UV_.HF_IZS9pnKzjkbDqiP2.uPq9m0KwIzJtvN6kucjRSL39RJ9nNcexkDpFR7YITC_i2IbdtnY0gVAsAg0yPPso1sEtAd95XtVJ_AAw7_lJWXEE-~A |
|
.gardengreebrasil.com/ | Name: A1 Value: d=AQABBG-zkWYCECi0MsZvOJA4u9CMMiMFb2sFEgEBAQEEk2abZtxH0iMA_eMAAA&S=AQAAAtFaPaW2RoK0mDEadJWquZY |
|
.gardengreebrasil.com/ | Name: A3 Value: d=AQABBG-zkWYCECi0MsZvOJA4u9CMMiMFb2sFEgEBAQEEk2abZtxH0iMA_eMAAA&S=AQAAAtFaPaW2RoK0mDEadJWquZY |
|
.gardengreebrasil.com/ | Name: A1S Value: d=AQABBG-zkWYCECi0MsZvOJA4u9CMMiMFb2sFEgEBAQEEk2abZtxH0iMA_eMAAA&S=AQAAAtFaPaW2RoK0mDEadJWquZY |
|
.5onthetop.com/ | Name: A3 Value: d=AQABBHWzkWYCEIJSO_BnHLU_dKIh0p1ofZkFEgEBAQEEk2abZtxH0iMA_eMAAA&S=AQAAAmA_NeYLOt20eelMJMQpUSk |
|
.gardengreebrasil.com/ | Name: cmp Value: t=1720824694&j=0&u=1YNN |
|
.gardengreebrasil.com/ | Name: gpp Value: DBAA |
|
.gardengreebrasil.com/ | Name: gpp_sid Value: -1 |
10 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
3p-udc.5onthetop.com
consent.cmp.beinthemomentphoto.com
csp.yahoo.com
gpt.mail.yahoo.net
guce.gardengreebrasil.com
login.gardengreebrasil.com
opus.example.com
s.cuentosis.com
login.gardengreebrasil.com
opus.example.com
2001:4998:58:207::6000
2001:4998:60:807::1
77.91.77.99
047d360fa59a7d5c13cfa67ae86c734eb9205cfad3e0dcc516b410d1e8d7a33d
27cf61549eb5a46f653ddc5af8feea14676c2613c417e8b2e7fd074e49ede8de
4663ad129604a1e27174423041bcfa82fc00d327e6865ec61a6013df16191c06
4c911a020bfc56c5c89d7a2d2565651a2048862820fdaae9468d659bf020247e
6c084863f409a9e16c7b4a456890476ec5170046f49d5c121434c51a3aac1465
b8989e0be6a0c3a8a407d8b69b7884eb5ebf401b7eee8b8b98c5eeec3ba497fa
c25f3a57f7858de738e2f3cd49ae322e7d02d70484cf7b6dde7de302eb033aa8
d0ecaea4f4b91a678f16b572dbe3c9dc7212d1437a97a31f84ae74c167d5a4db
d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4
da8dc56a401d1fcfa5feb247b3ebf0196a949fccba2451b61a0ff1f6603cabc6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690
f6747270db8ca343f3a491fc790d6dfb6fb051723bc222566a7d292e6f4a8726
f84068842a5961b41676a63d9caedd8ea3c29e2dc005cb3e4109280c7d2b8716
fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560