login.gardengreebrasil.com Open in urlscan Pro
77.91.77.99  Malicious Activity! Public Scan

4 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response login.gardengreebrasil.com/	69 KB 28 KB	3633ms 3001ms	Document text/html	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Full URL https://login.gardengreebrasil.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash 6c084863f409a9e16c7b4a456890476ec5170046f49d5c121434c51a3aac1465 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers * access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS access-control-allow-origin * access-control-request-method * age 0 cache-control no-cache, no-store, must-revalidate content-encoding gzip content-type text/html; charset=utf-8 cross-origin-resource-policy cross-origin date Fri, 12 Jul 2024 22:51:27 GMT expires 0 pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx vary Accept-Encoding x-xss-protection 1; mode=block
GET H2	200	aol-main.css s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/	702 KB 703 KB	2061ms 1538ms	Stylesheet text/css	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Full URL https://s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/aol-main.css Requested by Host: login.gardengreebrasil.com URL: https://login.gardengreebrasil.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash da8dc56a401d1fcfa5feb247b3ebf0196a949fccba2451b61a0ff1f6603cabc6 Request headers Referer https://login.gardengreebrasil.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Fri, 12 Jul 2024 22:51:30 GMT access-control-request-method * server nginx access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type text/css access-control-allow-origin * access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers *
GET H2	200	rapid-3.53.39.js Show response s.cuentosis.com/ss/	50 KB 50 KB	2295ms 1786ms	Script application/javascript	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Full URL https://s.cuentosis.com/ss/rapid-3.53.39.js Requested by Host: login.gardengreebrasil.com URL: https://login.gardengreebrasil.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash 047d360fa59a7d5c13cfa67ae86c734eb9205cfad3e0dcc516b410d1e8d7a33d Request headers Referer https://login.gardengreebrasil.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 12 Jul 2024 22:51:30 GMT access-control-request-method * server nginx access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type application/javascript access-control-allow-origin * access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers *
GET H2	200	aol-logo-black-v.0.0.2.png s.cuentosis.com/wm/assets/images/ns/	16 KB 16 KB	2227ms 1719ms	Image image/x-png	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://s.cuentosis.com/wm/assets/images/ns/aol-logo-black-v.0.0.2.png Requested by Host: login.gardengreebrasil.com URL: https://login.gardengreebrasil.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690 Request headers Referer https://login.gardengreebrasil.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Fri, 12 Jul 2024 22:51:30 GMT access-control-request-method * server nginx access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type image/x-png access-control-allow-origin * access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers *
GET H2	200	aol-logo-white-v0.0.4.png s.cuentosis.com/wm/assets/images/ybar/	4 KB 4 KB	2055ms 1548ms	Image image/x-png	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://s.cuentosis.com/wm/assets/images/ybar/aol-logo-white-v0.0.4.png Requested by Host: login.gardengreebrasil.com URL: https://login.gardengreebrasil.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash d0ecaea4f4b91a678f16b572dbe3c9dc7212d1437a97a31f84ae74c167d5a4db Request headers Referer https://login.gardengreebrasil.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Fri, 12 Jul 2024 22:51:30 GMT access-control-request-method * server nginx access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type image/x-png access-control-allow-origin * access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers *
GET H2	200	bundle.js Show response s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/	191 KB 192 KB	2232ms 1725ms	Script application/javascript	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Full URL https://s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/bundle.js Requested by Host: login.gardengreebrasil.com URL: https://login.gardengreebrasil.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash f84068842a5961b41676a63d9caedd8ea3c29e2dc005cb3e4109280c7d2b8716 Request headers Referer https://login.gardengreebrasil.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 12 Jul 2024 22:51:30 GMT access-control-request-method * server nginx access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type application/javascript access-control-allow-origin * access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers *
GET H2	200	cmp.js Show response consent.cmp.beinthemomentphoto.com/	180 KB 181 KB	2889ms 2386ms	Script application/javascript	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Full URL https://consent.cmp.beinthemomentphoto.com/cmp.js Requested by Host: login.gardengreebrasil.com URL: https://login.gardengreebrasil.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash 27cf61549eb5a46f653ddc5af8feea14676c2613c417e8b2e7fd074e49ede8de Request headers Referer https://login.gardengreebrasil.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 12 Jul 2024 22:51:30 GMT access-control-request-method * age 1068 x-amz-request-id RE5AB3E9R8S3C6JM x-cache HIT cross-origin-resource-policy cross-origin x-amz-id-2 orYT/SKCimAC0RO1iQzclNmyG4Z4OuMCxjicBl5YOYfuFtQExkbOlBzenA/lqLTpISAgwsOBnu4= last-modified Thu, 08 Feb 2024 18:14:22 GMT server nginx etag "6863ce0703ce4f482389f8a7e640e4e6+gzip" vary Accept-Encoding access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type application/javascript access-control-allow-origin * cache-control max-age=3600 access-control-allow-credentials true access-control-allow-headers * expires Fri, 12 Jul 2024 23:51:30 GMT
GET		opus.js opus.example.com/tag/	0 0
GET H2	200	Yahoo_Sans-Regular.woff2 s.cuentosis.com/cv/ae/sports/fonts/2017/	28 KB 28 KB	1961ms 1528ms	Font application/x-font-woff	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Full URL https://s.cuentosis.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2 Requested by Host: s.cuentosis.com URL: https://s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/aol-main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560 Request headers Referer https://s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/aol-main.css Origin https://login.gardengreebrasil.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Fri, 12 Jul 2024 22:51:32 GMT access-control-request-method * server nginx access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type application/x-font-woff access-control-allow-origin https://login.gardengreebrasil.com access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers *
GET DATA	200 OK	truncated /	5 KB 5 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4663ad129604a1e27174423041bcfa82fc00d327e6865ec61a6013df16191c06 Request headers Referer Origin https://login.gardengreebrasil.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type font/woff2
GET H2	200	checkbox-unchecked.svg s.cuentosis.com/wm/mbr/images/	733 B 977 B	1271ms 1270ms	Image image/svg+xml	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://s.cuentosis.com/wm/mbr/images/checkbox-unchecked.svg Requested by Host: s.cuentosis.com URL: https://s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/aol-main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash c25f3a57f7858de738e2f3cd49ae322e7d02d70484cf7b6dde7de302eb033aa8 Request headers Referer https://s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/aol-main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Fri, 12 Jul 2024 22:51:32 GMT access-control-request-method * server nginx access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type image/svg+xml access-control-allow-origin * access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers *
GET H2	200	Yahoo_Sans-Semibold.woff2 s.cuentosis.com/cv/ae/sports/fonts/2017/	28 KB 29 KB	2093ms 1661ms	Font application/x-font-woff	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Full URL https://s.cuentosis.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2 Requested by Host: s.cuentosis.com URL: https://s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/aol-main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash b8989e0be6a0c3a8a407d8b69b7884eb5ebf401b7eee8b8b98c5eeec3ba497fa Request headers Referer https://s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/aol-main.css Origin https://login.gardengreebrasil.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Fri, 12 Jul 2024 22:51:32 GMT access-control-request-method * server nginx access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type application/x-font-woff access-control-allow-origin https://login.gardengreebrasil.com access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers *
GET H2	200	Yahoo_Sans-Medium.woff2 s.cuentosis.com/cv/ae/sports/fonts/2017/	29 KB 29 KB	2098ms 1666ms	Font application/x-font-woff	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Full URL https://s.cuentosis.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2 Requested by Host: s.cuentosis.com URL: https://s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/aol-main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4 Request headers Referer https://s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/aol-main.css Origin https://login.gardengreebrasil.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Fri, 12 Jul 2024 22:51:32 GMT access-control-request-method * server nginx access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type application/x-font-woff access-control-allow-origin https://login.gardengreebrasil.com access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers *
POST H2	204	yql Show response 3p-udc.5onthetop.com/v2/public/	0 712 B	2617ms 2109ms	XHR text/plain	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Full URL https://3p-udc.5onthetop.com/v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=160500005&yhlCT=2&yhlBTMS=1720824690943&yhlClientVer=3.53.39&yhlRnd=v8PJpa4hkSYDGsCu&yhlCompressed=0 Requested by Host: s.cuentosis.com URL: https://s.cuentosis.com/ss/rapid-3.53.39.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://login.gardengreebrasil.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers pragma no-cache date Fri, 12 Jul 2024 22:51:33 GMT access-control-request-method * server nginx age 1 vary Origin access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS p3p policyref="http://info.5onthetop.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" access-control-allow-origin https://login.gardengreebrasil.com cache-control no-store, no-cache, private, max-age=0 access-control-allow-credentials true x-envoy-upstream-service-time 1 cross-origin-resource-policy cross-origin access-control-allow-headers * expires -1
GET H2	200	consentRecord Show response guce.gardengreebrasil.com/v1/	140 B 407 B	2198ms 2098ms	XHR application/json	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Full URL https://guce.gardengreebrasil.com/v1/consentRecord?consentTypes=iab%2CiabCCPA%2Cgpp%2CgppSid Requested by Host: consent.cmp.beinthemomentphoto.com URL: https://consent.cmp.beinthemomentphoto.com/cmp.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash 4c911a020bfc56c5c89d7a2d2565651a2048862820fdaae9468d659bf020247e Request headers Referer https://login.gardengreebrasil.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Fri, 12 Jul 2024 22:51:33 GMT access-control-request-method * server nginx access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type application/json access-control-allow-origin https://login.gardengreebrasil.com access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers *
GET H2	200	sandbox gpt.mail.yahoo.net/ Frame 52D5	0 0	422ms 124ms	Document text/html	2001:4998:60:807::1 YAHOO-CHA
General Check archive.org Show headers Download Go to Full URL https://gpt.mail.yahoo.net/sandbox?client=aolLogin&version=0.1&limited=0&headerBidder=1&haq=1&benji=1 Requested by Host: s.cuentosis.com URL: https://s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4998:60:807::1 , United States, ASN14196 (YAHOO-CHA, US), Reverse DNS Software ATS / Resource Hash Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src https:; script-src 'nonce-wZG4WI9/8R427+1lNKNOfQ==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts; block-all-mixed-content; frame-ancestors https://mail.yahoo.com https://*.mail.yahoo.com https://mail.aol.com https://*.mail.aol.com https://login.yahoo.com https://*.login.yahoo.com https://login.aol.com https://*.login.aol.com https://devbox.login.aol.com:8080 https://devbox.login.yahoo.com:8080; report-uri https://csp.yahoo.com/beacon/csp?src=mail-gam Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://login.gardengreebrasil.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers age 0 content-encoding gzip content-security-policy base-uri 'none'; connect-src https:; script-src 'nonce-wZG4WI9/8R427+1lNKNOfQ==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts; block-all-mixed-content; frame-ancestors https://mail.yahoo.com https://*.mail.yahoo.com https://mail.aol.com https://*.mail.aol.com https://login.yahoo.com https://*.login.yahoo.com https://login.aol.com https://*.login.aol.com https://devbox.login.aol.com:8080 https://devbox.login.yahoo.com:8080; report-uri https://csp.yahoo.com/beacon/csp?src=mail-gam content-type text/html; charset=utf-8 date Fri, 12 Jul 2024 22:51:31 GMT expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" referrer-policy no-referrer-when-downgrade server ATS strict-transport-security max-age=31536000 vary Accept-Encoding x-content-type-options nosniff x-envoy-upstream-service-time 3 x-omg-env norrin-green--gam-production-bf1-7658897bc8-dn2hw x-xss-protection 1; mode=block
POST H2	204	csp csp.yahoo.com/beacon/	0 441 B	441ms 157ms	Other text/plain	2001:4998:58:207::6000 YAHOO-BF1
General Check archive.org Show headers Download Go to Full URL https://csp.yahoo.com/beacon/csp?src=mail-gam Requested by Host: login.gardengreebrasil.com URL: https://login.gardengreebrasil.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4998:58:207::6000 , United States, ASN26101 (YAHOO-BF1, US), Reverse DNS Software ATS / Express Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://login.gardengreebrasil.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type application/csp-report Response headers strict-transport-security max-age=31536000 date Fri, 12 Jul 2024 22:51:32 GMT referrer-policy no-referrer-when-downgrade x-content-type-options nosniff server ATS age 0 etag W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI" x-powered-by Express expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only x-frame-options SAMEORIGIN content-security-policy-report-only default-src 'self'; report-uri https://csp.yahoo.com/beacon/csp?src=fendr_csp.yahoo.com cache-control no-store, no-cache, private, max-age=0 x-envoy-upstream-service-time 1 x-xss-protection 1; mode=block expires -1
GET H2	200	aol-favicon.png s.cuentosis.com/wm/login/	706 B 947 B	1258ms 1258ms	Other image/x-png	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Full URL https://s.cuentosis.com/wm/login/aol-favicon.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash f6747270db8ca343f3a491fc790d6dfb6fb051723bc222566a7d292e6f4a8726 Request headers Referer https://login.gardengreebrasil.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Fri, 12 Jul 2024 22:51:34 GMT access-control-request-method * server nginx access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type image/x-png access-control-allow-origin * access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers *
GET H2	200	aol-favicon.png s.cuentosis.com/wm/login/	706 B 947 B	1380ms 1379ms	Other image/x-png	77.91.77.99 SUNHOST-AS
General Check archive.org Show headers Download Go to Full URL https://s.cuentosis.com/wm/login/aol-favicon.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 77.91.77.99 Frankfurt am Main, Germany, ASN216319 (SUNHOST-AS, GB), Reverse DNS Software nginx / Resource Hash f6747270db8ca343f3a491fc790d6dfb6fb051723bc222566a7d292e6f4a8726 Request headers Referer https://login.gardengreebrasil.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Fri, 12 Jul 2024 22:51:35 GMT access-control-request-method * server nginx access-control-allow-methods POST, PUT, DELETE, GET, OPTIONS content-type image/x-png access-control-allow-origin * access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers *
GET		logads login.gardengreebrasil.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

opus.example.com

URL

https://opus.example.com/tag/opus.js

Domain

login.gardengreebrasil.com

URL

https://login.gardengreebrasil.com/logads?adType=gam&delay=timeout&spid=160500005

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AOL (Online)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 function| base64ToBuf number| passfield_int number| activity_monitor number| pageStartTime boolean| isGoodJS object| YUI_config object| I13N_config string| COMET_URL string| gamIframeUrl object| challenge string| currentURL object| COUNTRY_CODES_MAP function| mbrSendError object| YAHOO object| rapidInstance object| jsModules boolean| mbrJSLoaded function| checkAssets function| __uspapi function| __tcfapi function| __gpp_addFrame function| __gpp_stub function| __gpp_msghandler function| __gpp number| lastApvTime

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.login.gardengreebrasil.com/	1969-12-31 23:59:59	Name: AS Value: v=1&s=vnZ6c0YP&d=A669304ef|5RfTg53.2Soge5A2KtkPb_E5mc6vMHiXOUDS9.GCWReC2gAEQORRRJWM0gxXagxZ_hNUxrx2b1q3qzRDoeL5W0Wld6lbTHFAUokazasJzwaWgWmAkWxhJ3Jpe8a31MI.a24x6Rtd8wsbGn_IxsgcB8_2igaz.bIQrtMSG_4YE9kCdsf5JJnWI7pJQ4EJ5_bzDWYsc_aVf6YHutuOQt5e1jB09CcJZwQbaH7ZGjZVY16Yfk0kkgbjXfjtBS2GgOuuVX7AfD3NVDM_.tkPN1s.U5k3iU3rKNao3VoYG.ntieQe2vqwEAvYaoelepIXahe4qFQP4YlngGYlbW_Pj7Fqyl9IGR6xolMQxmgJEM45.fBvnl1.BgtP1LiI.YxCq1JJPts6PddNgRSpxjXmUlKNxpFLwZmLjgGxBXY0NfsJ_Nv1iE8dKhAO9V7OPqb.NFib7NesYtvdhtK5gm482qlEXiRo9p2F7Hp0qSjF447s8cNG2XRwv1PY5CAjRLYE7v2nteesED8efCqXg4DuyXcCLcDw1muxIQXvhwtxDhLmT2VXpVRGaZWQtqt8PwMqoby.B06SxTIZh53GWv1rP6Wg_ga9igs2nqu6pJlAFvXtDsJvRb3cXhnNq4th5FDhf.4ONCZErDYtqf3IsxmfOXXeVfdeTNQ5iv5LbLXmFMPgswkONyWLa8s0L5KRHQCLpr8VtBXtOZ.UV_.HF_IZS9pnKzjkbDqiP2.uPq9m0KwIzJtvN6kucjRSL39RJ9nNcexkDpFR7YITC_i2IbdtnY0gVAsAg0yPPso1sEtAd95XtVJ_AAw7_lJWXEE-~A
			.gardengreebrasil.com/	1970-01-21 06:46:22	Name: A1 Value: d=AQABBG-zkWYCECi0MsZvOJA4u9CMMiMFb2sFEgEBAQEEk2abZtxH0iMA_eMAAA&S=AQAAAtFaPaW2RoK0mDEadJWquZY
			.gardengreebrasil.com/	1970-01-21 06:46:22	Name: A3 Value: d=AQABBG-zkWYCECi0MsZvOJA4u9CMMiMFb2sFEgEBAQEEk2abZtxH0iMA_eMAAA&S=AQAAAtFaPaW2RoK0mDEadJWquZY
			.gardengreebrasil.com/	1969-12-31 23:59:59	Name: A1S Value: d=AQABBG-zkWYCECi0MsZvOJA4u9CMMiMFb2sFEgEBAQEEk2abZtxH0iMA_eMAAA&S=AQAAAtFaPaW2RoK0mDEadJWquZY
			.5onthetop.com/	1970-01-21 06:46:22	Name: A3 Value: d=AQABBHWzkWYCEIJSO_BnHLU_dKIh0p1ofZkFEgEBAQEEk2abZtxH0iMA_eMAAA&S=AQAAAmA_NeYLOt20eelMJMQpUSk
			.gardengreebrasil.com/	1970-01-21 06:46:00	Name: cmp Value: t=1720824694&j=0&u=1YNN
			.gardengreebrasil.com/	1970-01-20 22:01:51	Name: gpp Value: DBAA
			.gardengreebrasil.com/	1970-01-20 22:01:51	Name: gpp_sid Value: -1

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://login.gardengreebrasil.com/(Line 13) Message: Unrecognized feature: 'document-domain'.
other	warning	URL: https://login.gardengreebrasil.com/(Line 13) Message: Unrecognized feature: 'speaker-selection'.
security	warning	URL: https://login.gardengreebrasil.com/(Line 13) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
javascript	warning	URL: https://login.gardengreebrasil.com/(Line 13) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://s.cuentosis.com/ss/rapid-3.53.39.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://login.gardengreebrasil.com/(Line 13) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://s.cuentosis.com/ss/rapid-3.53.39.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://login.gardengreebrasil.com/(Line 13) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://s.cuentosis.com/wm/mbr/311d2acdbe41fdf2616402237892eb53815e6993/bundle.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://login.gardengreebrasil.com/(Line 13) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://consent.cmp.beinthemomentphoto.com/cmp.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://login.gardengreebrasil.com/(Line 13) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://opus.example.com/tag/opus.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://opus.example.com/tag/opus.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
security	error	Message: Refused to frame 'https://gpt.mail.yahoo.net/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://mail.yahoo.com https://*.mail.yahoo.com https://mail.aol.com https://*.mail.aol.com https://login.yahoo.com https://*.login.yahoo.com https://login.aol.com https://*.login.aol.com https://devbox.login.aol.com:8080 https://devbox.login.yahoo.com:8080".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3p-udc.5onthetop.com
consent.cmp.beinthemomentphoto.com
csp.yahoo.com
gpt.mail.yahoo.net
guce.gardengreebrasil.com
login.gardengreebrasil.com
opus.example.com
s.cuentosis.com
login.gardengreebrasil.com
opus.example.com
2001:4998:58:207::6000
2001:4998:60:807::1
77.91.77.99
047d360fa59a7d5c13cfa67ae86c734eb9205cfad3e0dcc516b410d1e8d7a33d
27cf61549eb5a46f653ddc5af8feea14676c2613c417e8b2e7fd074e49ede8de
4663ad129604a1e27174423041bcfa82fc00d327e6865ec61a6013df16191c06
4c911a020bfc56c5c89d7a2d2565651a2048862820fdaae9468d659bf020247e
6c084863f409a9e16c7b4a456890476ec5170046f49d5c121434c51a3aac1465
b8989e0be6a0c3a8a407d8b69b7884eb5ebf401b7eee8b8b98c5eeec3ba497fa
c25f3a57f7858de738e2f3cd49ae322e7d02d70484cf7b6dde7de302eb033aa8
d0ecaea4f4b91a678f16b572dbe3c9dc7212d1437a97a31f84ae74c167d5a4db
d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4
da8dc56a401d1fcfa5feb247b3ebf0196a949fccba2451b61a0ff1f6603cabc6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690
f6747270db8ca343f3a491fc790d6dfb6fb051723bc222566a7d292e6f4a8726
f84068842a5961b41676a63d9caedd8ea3c29e2dc005cb3e4109280c7d2b8716
fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560