Submission: On December 06 via automatic, source phishtank
Summary
The main IP is 13.58.28.70, located in Seattle, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is ganhedesconto.com.
The TLS certificate was issued by Let's Encrypt Authority X3 on November 8th 2018 with a validity of 3 months.
This is the first time this domain was scanned on urlscan.io!
Potentially malicious content or behaviour on this page!
Domain & IP information
Requests | IP Address | AS Autonomous System | PTR |
---|---|---|---|
23 | 13.58.28.70 | ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-13-58-28-70.us-east-2.compute.amazonaws.com |
1 | 143.204.98.132 | ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | server-143-204-98-132.fra50.r.cloudfront.net |
25 (total) | 3 | | |
Requests | Domain / Subdomains | Transfer |
---|---|---|
23 | ganhedesconto.com | 985 KB |
1 | d1a3f4spazzrp4.cloudfront.net | 18 KB |
0 | Failed | 0 B |
25 (total) | 3 | |
Requests | Domain | Requested by |
---|---|---|
23 | ganhedesconto.com | ganhedesconto.com |
1 | d1a3f4spazzrp4.cloudfront.net | |
0 | liecbddmkiiihnedobmlmillhodjkdmb (Failed) | ganhedesconto.com |
25 (total) | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.uber.com |
Subject / Issuer | Validity | Valid |
---|---|---|
ganhedesconto.com / Let's Encrypt Authority X3 | 2018-11-08 - 2019-02-06 | 3 months |
*.cloudfront.net / DigiCert Global CA G2 | 2018-10-08 - 2019-10-09 | a year |
Screenshot

Detected technologies
- Detected patterns (jQuery): script /jquery.*\.js/i; env /^jQuery$/i
- Detected patterns (PHP): url /\.php(?:$|\?)/i
- Detected patterns (Ubuntu): headers server /Ubuntu/i
- Detected patterns (Apache): headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
4 Outgoing links
These are links going to different origins than the main page. For each link, only the first name is shown.
- https://www.uber.com/legal/terms (Title: Termos e condições)
- https://www.uber.com/legal/privacy (Title: Política de privacidade)
- https://www.uber.com/legal/privacy/users/en/ (Title: Política de privacidade)
- https://www.uber.com/legal/terms/us/ (Title: Termos e Condições)
25 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | registro.php | /conta | 1 KB | 732 B | Document | text/html | |
GET | H/1.1 | superfine.css | /conta/assets/css | 118 KB | 19 KB | Stylesheet | text/css | |
GET | H/1.1 | superfine(1).css | /conta/assets/css | 210 KB | 159 KB | Stylesheet | text/css | |
GET | H/1.1 | uber-icons.css | /conta/assets/css | 105 KB | 64 KB | Stylesheet | text/css | |
GET | H/1.1 | new-sign-up.458a0c8ef6cc46b42de1ab885b9f5574.css | /conta/assets/css | 9 KB | 3 KB | Stylesheet | text/css | |
GET | H/1.1 | jquery.min.js | /conta/assets/js | 85 KB | 30 KB | Script | application/javascript | |
GET | H/1.1 | geral.js | /conta/assets/js | 10 KB | 2 KB | Script | application/javascript | |
GET | H/1.1 | index.html | /conta/inc | 54 KB | 13 KB | XHR | text/html | |
GET | H/1.1 | superfine.css | /conta/assets/css | 118 KB | 19 KB | Stylesheet | text/css | |
GET | H/1.1 | superfine(1).css | /conta/assets/css | 210 KB | 159 KB | Stylesheet | text/css | |
GET | H/1.1 | uber-icons.css | /conta/assets/css | 105 KB | 64 KB | Stylesheet | text/css | |
GET | H/1.1 | new-sign-up.458a0c8ef6cc46b42de1ab885b9f5574.css | /conta/assets/css | 9 KB | 3 KB | Stylesheet | text/css | |
GET | H/1.1 | main.css | /conta/assets/css | 276 KB | 139 KB | Stylesheet | text/css | |
GET | H/1.1 | avenir-next-lt.css | /conta/assets/css | 765 B | 548 B | Stylesheet | text/css | |
GET | H/1.1 | avenir.css | /conta/assets/css | 852 B | 539 B | Stylesheet | text/css | |
GET | H/1.1 | font-awesome.min.css | /conta/assets/css | 26 KB | 6 KB | Stylesheet | text/css | Verified |
GET | H/1.1 | open-iconic.min.css | /conta/assets/css | 12 KB | 3 KB | Stylesheet | text/css | |
GET | H/1.1 | react-datepicker-0.41.1.css | /conta/assets/css | 11 KB | 2 KB | Stylesheet | text/css | |
GET | | content.css | liecbddmkiiihnedobmlmillhodjkdmb/css | 0 | 0 | | | Failed |
GET | H/1.1 | dest5.html | /conta/assets/css | 7 KB | 3 KB | Document | text/html | |
GET | H/1.1 | jquery.min.js | /conta/assets/js | 85 KB | 30 KB | XHR | application/javascript | |
GET | H/1.1 | jquery.maskedinput.js | /conta/assets/js | 7 KB | 3 KB | XHR | application/javascript | Verified |
GET | H/1.1 | geral.js | /conta/assets/js | 10 KB | 2 KB | XHR | application/javascript | |
GET | H/1.1 | load.gif | /conta/assets/img | 262 KB | 262 KB | Image | image/gif | |
GET | H/1.1 | 1454024011-global_aqua_01_scale_125_144dpi_01-37a1ca0b8b.png | d1a3f4spazzrp4.cloudfront.net/arch-frontend/1.0.0 | 17 KB | 18 KB | Image | image/png | |
GET | DATA | data:truncated | data:truncated | 27 KB | 0 | Font | application/octet-stream | |
GET | DATA | data:truncated | data:truncated | 32 KB | 0 | Font | application/font-woff | |
GET | DATA | data:truncated | data:truncated | 31 KB | 0 | Font | application/font-woff | |
GET | DATA | data:truncated | data:truncated | 19 KB | 0 | Font | application/octet-stream | |
Redirect requests
There were HTTP redirects (301, 302) for the following requests:
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: liecbddmkiiihnedobmlmillhodjkdmb
- URL: chrome-extension://liecbddmkiiihnedobmlmillhodjkdmb/css/content.css
Malicious behaviour and content
Phishtank submission: Was submitted from known phishing list
- Type: url
- Value: https://ganhedesconto.com/conta/registro.php (Main page)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
function | mascara |
function | execmascara |
function | soNumeros |
function | soLetras |
number | pos0 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators of compromise (IoCs)
This is a term in the security industry to describe indicators around an attack. This includes IPs, hashes, domains, etc.
Domains:
- d1a3f4spazzrp4.cloudfront.net
- ganhedesconto.com
- liecbddmkiiihnedobmlmillhodjkdmb
IPs:
- 13.58.28.70
- 143.204.98.132
Hashes:
- 09f376afa8bf76a9141d546aa41ccedf0db54a72166a5c067e3e527013d5ce62
- 1873ea0ac87b6a95caa1bdba10a0b93b6fe00c70d488a5727a11168c9c36517c
- 323096575cb514f494901242ac7526db5e1970e0959b85b3603e0987559047e1
- 34d900717b55f553ea37f9208ca96e50689b8a6d420237d6a1863b049710ab9f
- 38dbd089b62a7670bd19e189fee5beb972d1f8f22b2d88bbfd2fe0c2ea9871b7
- 5ecfdf3563c3005037f02357f00ab91be8b5860f0bca998b6a61dc8b20532574
- 62768e021ea70de59e6e87b0d4419963469a448309bc501c333ec51c54d68b2b
- 81076662a0d74329348f6a3005f572e6edfd90a5f930f6b938bbcaea4d41fede
- 84d6736aca07232d00a61f57f84c78232c12adcce032937ae7f4313fe0ef8611
- 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
- 936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
- acf8385a5c6c6cad6c38eb47b2f8742776d42510feedd49179de3ea2fa0d83da
- b57312e9203c631e4435fa1c8c6d5236ac23050dc4948ef050089e80d2425bcd
- b6445409d8b440d3ae78c0c1a3a4951aefe5c72c243ccec24f39ac52c13ad120
- b95410c0b0c7781effad257cf2e40d94d2dfd60d3f6b65c351cfe045d44b920c
- bd0036eab65ce50fc360db502f12ab38deab9fc75ded555e559b1fa514031927
- bf7ddec2bffa6786ccd5f8f19e9f5624bcc20a3d7ca46766377405549d63d798
- c52e3c10cb3c007aaaf0740e35fdde80ae4509bc71f9abe5abf0b960de024a97
- c83db2ca87af3eb7b01a14709aec5e20e07d115dfdb61b3e56dbd66e116b029b
- cbc532210e14fe216bb4fdda45ab0326ca802cbb80c0fd35507b028ec6b74880
- d806e2ee0dff08ea1938cfd9a12a9ab984878aefc63400a6eb2e9ce40b6aec45
- e416a1431e345b69e446e13652eb70be0c393acee52019de2cf396d818636fa6