Report - www.url.zip/a718dae/

Report Overview

Visited public
2023-11-30 12:40:37
Tags
meta facebook phishing social
URL
www.url.zip/a718dae/
Finishing URL
page-meta-support-id85475783.pages.net.br/1
IP / ASN
76.76.21.61
#16509 AMAZON-02
Title
Facebook
Phishing - Facebook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-30 06:35:27	2.3 kB	132 kB	216.58.207.227
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24 16:34:56	2023-11-30 09:15:30	560 B	20 kB	104.16.56.101
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-30 06:03:12	565 B	22 kB	142.250.74.106
www.url.zip	unknown	2023-04-04	2023-05-10 20:38:32	2023-11-28 19:10:34	985 B	1.0 MB	76.76.21.142
cdn.greatpages.com.br	unknown	2020-01-22	2020-10-04 12:55:49	2023-11-29 02:28:20	2.1 kB	1.1 MB	104.17.208.68
r3-pages-views.greatpages.com.br	unknown	2020-01-22	2022-12-22 15:46:40	2023-11-28 06:28:32	2.1 kB	331 B	104.17.209.68
cdn.greatsoftwares.com.br	585945	2020-02-08	2021-05-29 17:49:49	2023-11-29 07:39:12	518 B	3.7 kB	172.64.149.117
page-meta-support-id85475783.pages.net.br	unknown	unknown	No data	No data	1.8 kB	12 kB	104.18.43.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-30 12:40:23	low	Client IP	Internal IP	ET INFO Observed DNS Query to .zip TLD
2023-11-30 12:40:23	low	Client IP	Internal IP	ET INFO Observed DNS Query to .zip TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-30	medium	www.url.zip/a718dae/	Facebook, Inc.
2023-11-30	medium	page-meta-support-id85475783.pages.net.br/1	Facebook, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-30	medium	url.zip	Sinkholed
2023-11-30	medium	url.zip	Sinkholed
2023-11-30	medium	pages.net.br	Sinkholed
2023-11-30	medium	pages.net.br	Sinkholed
2023-11-30	medium	pages.net.br	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	page-meta-support-id85475783.pages.net.br/1	ScriptElement	540 B	2023-11-20	2024-11-27
Pretty URL page-meta-support-id85475783.pages.net.br/1 IP 104.18.43.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-20 23:56 Last Seen2024-11-27 12:01 Times Seen417 Hash 68001fcbccf4c89d9e378936cc9c59c8 10fde516faa0c9b775369282169b5f224c578683 4209d6e28acb2f88c72b86af4bc55057b3bd7c2f1de61cd2f91263d1ddf081ab Loading...

	static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317	ScriptElement	20 kB	2023-10-13	2025-05-09
Pretty URL static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 IP 104.16.56.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:51 Last Seen2025-05-09 13:23 Times Seen17152 Hash dd1d068fdb5fe90b6c05a5b3940e088c 0d96f9df8772633a9df4c81cf323a4ef8998ba59 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101 Loading...

	cdn.greatpages.com.br/page-meta-support-id85475783.pages.net.br-1/1701252138/js.js	ScriptElement	115 kB	2023-11-30	2023-11-30
Pretty URL cdn.greatpages.com.br/page-meta-support-id85475783.pages.net.br-1/1701252138/js.js IP 104.17.208.68 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 13:40 Last Seen2023-11-30 13:40 Times Seen1 Hash 74a40c998925e601b481b332c6160635 95509b3679ad8343649d195c82df976fef2a1b75 aa34da77dd8f1c09855d68a35bde8d33e55c86613352060a743d9ef17913938c Loading...

	page-meta-support-id85475783.pages.net.br/1	ScriptElement	223 B	2024-08-20	2024-08-20
Pretty URL page-meta-support-id85475783.pages.net.br/1 IP 104.18.43.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:21 Last Seen2024-08-20 17:21 Times Seen2 Hash 0361cc16c9386a399b43fb194db20995 141a850b837f31f5e6ba4d29908640db049e72cd 014e7709bfb1b1ad64706c2a1d1493f0aa7387c91317c2a3d3b5e292ba7a1316 Loading...

	page-meta-support-id85475783.pages.net.br/1	ScriptElement	243 B	2024-08-20	2024-08-20
Pretty URL page-meta-support-id85475783.pages.net.br/1 IP 104.18.43.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:21 Last Seen2024-08-20 17:21 Times Seen2 Hash a2faa05292fd5cbeadff0b990de927da ab72081d80106297236ed5bebcf515de6dfc98fc 3ea00327629a6a0870a6b0d6ce56936af6bb868f953ac8f26db75eb6f457e84d Loading...

	page-meta-support-id85475783.pages.net.br/1	ScriptElement	2.3 kB	2024-08-20	2024-08-20
Pretty URL page-meta-support-id85475783.pages.net.br/1 IP 104.18.43.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:21 Last Seen2024-08-20 17:21 Times Seen2 Hash 4787288f279565d874e4a2797fd6fddf 024db64651737f86b3946b6da8c35d5ab9305ec6 f9cbee72e97781c80777c9e9c7ed3676acee85361a6abc6ae69c4ea163abc8da Loading...

HTTP Transactions (17)

URL IP Response Size

www.url.zip/a718dae

76.76.21.142

307 Temporary Redirect

51 B

URL User Request GET HTTP/2
www.url.zip/a718dae
IP
76.76.21.142:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectwww.url.zip
FingerprintEE:41:39:B5:8C:E1:B2:99:6B:86:C7:04:3D:B2:8F:CE:6E:D8:DE:4C
ValidityMon, 27 Nov 2023 16:13:44 GMT - Sun, 25 Feb 2024 16:13:43 GMT

File type
ASCII text, with no line terminators
Size
51 B (51 bytes)
Hash
cca93ca6da83bb044887bd11e0afc898
93b988207ac51f45b0071e5fdb3f8c6351806689
f19018eebef769a50e35fd0830baf4d4815a1855200b3f47d82140dd98f5218a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a718dae HTTP/1.1
Host: www.url.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 307 Temporary Redirect
age: 0
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
date: Thu, 30 Nov 2023 12:40:19 GMT
location: https://page-meta-support-id85475783.pages.net.br/1
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /en/[shortId]
x-vercel-cache: MISS
x-vercel-id: arn1::iad1::2c8m8-1701348019211-f58073d48f3a
content-length: 51
X-Firefox-Spdy: h2

cdn.greatpages.com.br/page-meta-support-id85475783.pages.net.br-1/1701252138/css.css

104.17.208.68

200 OK

5.4 kB

URL GET HTTP/1.1
cdn.greatpages.com.br/page-meta-support-id85475783.pages.net.br-1/1701252138/css.css
IP
104.17.208.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerCloudflare, Inc.
Subjectcdn.greatpages.com.br
Fingerprint9B:D2:8E:A4:5F:CB:B0:36:7A:59:81:61:C2:F1:2D:E7:A1:5F:DB:B6
ValidityTue, 19 Sep 2023 00:00:00 GMT - Wed, 18 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (23372), with no line terminators
Size
5.4 kB (5390 bytes)
Hash
aeff40a345dee30a2832b52e5eb7e046
113a15ae973d45f3c95cc87860d1021ccf68f5b4
7cd684139d86fdd64582a8d2e26e0738ebe2b1d9454e1db69d9a9fe3a7688d94

HTTP Headers

GET /page-meta-support-id85475783.pages.net.br-1/1701252138/css.css HTTP/1.1
Host: cdn.greatpages.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://page-meta-support-id85475783.pages.net.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 30 Nov 2023 12:40:20 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=23775
ETag: W/"06f9449818c01039f25e5cd4686d9c8a"
Last-Modified: Wed, 29 Nov 2023 10:02:20 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 51
Expires: Fri, 29 Nov 2024 12:40:20 GMT
Cache-Control: public, max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 82e328870f7eb51e-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

cdn.greatpages.com.br/page-meta-support-id85475783.pages.net.br-1/1701252138/js.js

104.17.208.68

200 OK

25 kB

URL GET HTTP/1.1
cdn.greatpages.com.br/page-meta-support-id85475783.pages.net.br-1/1701252138/js.js
IP
104.17.208.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerCloudflare, Inc.
Subjectcdn.greatpages.com.br
Fingerprint9B:D2:8E:A4:5F:CB:B0:36:7A:59:81:61:C2:F1:2D:E7:A1:5F:DB:B6
ValidityTue, 19 Sep 2023 00:00:00 GMT - Wed, 18 Sep 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (16582)
Size
25 kB (25322 bytes)
Hash
74a40c998925e601b481b332c6160635
95509b3679ad8343649d195c82df976fef2a1b75
aa34da77dd8f1c09855d68a35bde8d33e55c86613352060a743d9ef17913938c

HTTP Headers

GET /page-meta-support-id85475783.pages.net.br-1/1701252138/js.js HTTP/1.1
Host: cdn.greatpages.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://page-meta-support-id85475783.pages.net.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 30 Nov 2023 12:40:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=126395
ETag: W/"8a27b1e2ba66ae165e948184d999b5d3"
Last-Modified: Wed, 29 Nov 2023 10:02:20 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 50
Expires: Fri, 29 Nov 2024 12:40:20 GMT
Cache-Control: public, max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 82e328870b4556a8-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

r3-pages-views.greatpages.com.br/?g=eyJ2IjoxLCJhIjoicGFnZXZpZXciLCJzIjoiZVdSRE1YQmFSR2N4VGtSak1VNTZaM3BNYmtKb1dqSldla3h0Tld4a1F6VnBZMms0ZUdsb1NrUmtXWFZOUTNNNVMxVlBlbTVsVlcxMVExWmhTRkl3WTBoTk5reDVPWGRaVjJSc1RGY3hiR1JIUlhSak0xWjNZMGM1IiwiZCI6IjIwMjMtMTEtMzAgMTI6NDA6MjQiLCJlIjoiR1BhZ2VzLjQyNTgxNzAxMzQ4MDI0NzY5IiwiaSI6ImMwbHRiSFZrUjFadVkyMUdhbGxYT1daYWJVWnFXbGRLZG1JeWRHWmpSMncwV2xkNFpscFlXbXhpYmxKMldESkdhbHBZVG5waU1UbDNXbGhLZW1JeU5XaGlSMncyV1ZkU2RrbHFjSFZrVjNoelRFTktjR0p1VW14YU0wcG9XVEpHZGxneVdtaFpNbFpwWWpJNWNsZ3pRbkJsUjFaeldESldNbHBYTlRCaWVVazJTV3hDYUZveVZsZGhWMVl6U1dsM2FXRlhOVEJhVjJSNVdWZE9hR0l4T1cxWlYwNXNXVzA1ZG1FeE9YZGhXR2hzWWtZNWJHUnRWblZrUnpsbVkwZFdlV015T1hWWlYzaHdaVzFHYTJKNVNUWmlibFp6WWtOM2FXRlhOVEJhVjJSNVdWZE9hR0l4T1cxWlYwNXNXVzA1ZG1FeE9YZGhXR2hzWWtZNWJHUnRWblZrUnpsbVdUSTVkV1JIVmpGYVJ6bG1aRzFHYzJJelNXbFBiVFV4WWtkM2MwbHRiSFZrUjFadVkyMUdhbGxYT1daYWJVWnFXbGRLZG1JeWRHWmpSMncwV2xkNFpscFlXbXhpYmxKMldESk9kbUp1VW14a1YxSjJXREl4ZGxwWFVtaEphbTlwVFVOS09YY3lSekpoVjFaV1lXNTRNVTFsYURObFpYWmhiVWhsZVVwd1drWTVia2xxYjJsUFJFazFUbnBuYVV4RFNuQmFSamwzV1Zka2NHSnRSV2xQYVVsNlQwUk5NMDFxVFdsTVEwcHdXa1k1YTJJeU1YQmliV3gyU1dwdmFVMVVUVEZOUkdzd1NXbDNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPVEJpTW5Sc1ltbEpObUp1Vm5OaVEzZHBZVmMxTUZwWFpIbFpWMDVvWWpFNWJWbFhUbXhaYlRsMllURTVkMkZZYUd4aVJqbHZXVmRLY0dKSGJEQlpXRWxwVDIwMU1XSkhkM05KYld4MVpFZFdibU50Um1wWlZ6bG1XbTFHYWxwWFNuWmlNblJtWTBkc05GcFhlR1phV0Zwc1ltNVNkbGd6VW14ak0xSnNTV3B3ZFdSWGVITk1RMHB3WW01U2JGb3pTbWhaTWtaMldESmFhRmt5Vm1saU1qbHlXRE5DY0dWSFZuTkphbkIxWkZkNGMweERTbkJpYmxKc1dqTkthRmt5Um5aWU1scG9XVEpXYVdJeU9YSllNMEp3WlVkV2MxZ3lWakphVnpVd1lqRTVhRmt5Vm5wak1qaHBUMmxLVVZsWFpHeFdiV3hzWkhsSiIsImMiOiIifQ==

104.17.209.68

200 OK

31 B

URL GET HTTP/2
r3-pages-views.greatpages.com.br/?g=eyJ2IjoxLCJhIjoicGFnZXZpZXciLCJzIjoiZVdSRE1YQmFSR2N4VGtSak1VNTZaM3BNYmtKb1dqSldla3h0Tld4a1F6VnBZMms0ZUdsb1NrUmtXWFZOUTNNNVMxVlBlbTVsVlcxMVExWmhTRkl3WTBoTk5reDVPWGRaVjJSc1RGY3hiR1JIUlhSak0xWjNZMGM1IiwiZCI6IjIwMjMtMTEtMzAgMTI6NDA6MjQiLCJlIjoiR1BhZ2VzLjQyNTgxNzAxMzQ4MDI0NzY5IiwiaSI6ImMwbHRiSFZrUjFadVkyMUdhbGxYT1daYWJVWnFXbGRLZG1JeWRHWmpSMncwV2xkNFpscFlXbXhpYmxKMldESkdhbHBZVG5waU1UbDNXbGhLZW1JeU5XaGlSMncyV1ZkU2RrbHFjSFZrVjNoelRFTktjR0p1VW14YU0wcG9XVEpHZGxneVdtaFpNbFpwWWpJNWNsZ3pRbkJsUjFaeldESldNbHBYTlRCaWVVazJTV3hDYUZveVZsZGhWMVl6U1dsM2FXRlhOVEJhVjJSNVdWZE9hR0l4T1cxWlYwNXNXVzA1ZG1FeE9YZGhXR2hzWWtZNWJHUnRWblZrUnpsbVkwZFdlV015T1hWWlYzaHdaVzFHYTJKNVNUWmlibFp6WWtOM2FXRlhOVEJhVjJSNVdWZE9hR0l4T1cxWlYwNXNXVzA1ZG1FeE9YZGhXR2hzWWtZNWJHUnRWblZrUnpsbVdUSTVkV1JIVmpGYVJ6bG1aRzFHYzJJelNXbFBiVFV4WWtkM2MwbHRiSFZrUjFadVkyMUdhbGxYT1daYWJVWnFXbGRLZG1JeWRHWmpSMncwV2xkNFpscFlXbXhpYmxKMldESk9kbUp1VW14a1YxSjJXREl4ZGxwWFVtaEphbTlwVFVOS09YY3lSekpoVjFaV1lXNTRNVTFsYURObFpYWmhiVWhsZVVwd1drWTVia2xxYjJsUFJFazFUbnBuYVV4RFNuQmFSamwzV1Zka2NHSnRSV2xQYVVsNlQwUk5NMDFxVFdsTVEwcHdXa1k1YTJJeU1YQmliV3gyU1dwdmFVMVVUVEZOUkdzd1NXbDNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPVEJpTW5Sc1ltbEpObUp1Vm5OaVEzZHBZVmMxTUZwWFpIbFpWMDVvWWpFNWJWbFhUbXhaYlRsMllURTVkMkZZYUd4aVJqbHZXVmRLY0dKSGJEQlpXRWxwVDIwMU1XSkhkM05KYld4MVpFZFdibU50Um1wWlZ6bG1XbTFHYWxwWFNuWmlNblJtWTBkc05GcFhlR1phV0Zwc1ltNVNkbGd6VW14ak0xSnNTV3B3ZFdSWGVITk1RMHB3WW01U2JGb3pTbWhaTWtaMldESmFhRmt5Vm1saU1qbHlXRE5DY0dWSFZuTkphbkIxWkZkNGMweERTbkJpYmxKc1dqTkthRmt5Um5aWU1scG9XVEpXYVdJeU9YSllNMEp3WlVkV2MxZ3lWakphVnpVd1lqRTVhRmt5Vm5wak1qaHBUMmxLVVZsWFpHeFdiV3hzWkhsSiIsImMiOiIifQ==
IP
104.17.209.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerLet's Encrypt
Subjectgreatpages.com.br
Fingerprint5E:BF:CF:85:ED:B2:22:B5:D9:29:14:F9:66:0C:25:EE:49:2C:E9:63
ValidityMon, 16 Oct 2023 03:37:40 GMT - Sun, 14 Jan 2024 03:37:39 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
31 B (31 bytes)
Hash
b1a8ecd5c3f464c5ae872401ae1929c1
ec82b7e06d38b93eba0dd68108140711cfa86eb5
49d1cf6777396141389bf9230460e84cc9bf6260594eb25095297d5ab3098b90

HTTP Headers

GET /?g=eyJ2IjoxLCJhIjoicGFnZXZpZXciLCJzIjoiZVdSRE1YQmFSR2N4VGtSak1VNTZaM3BNYmtKb1dqSldla3h0Tld4a1F6VnBZMms0ZUdsb1NrUmtXWFZOUTNNNVMxVlBlbTVsVlcxMVExWmhTRkl3WTBoTk5reDVPWGRaVjJSc1RGY3hiR1JIUlhSak0xWjNZMGM1IiwiZCI6IjIwMjMtMTEtMzAgMTI6NDA6MjQiLCJlIjoiR1BhZ2VzLjQyNTgxNzAxMzQ4MDI0NzY5IiwiaSI6ImMwbHRiSFZrUjFadVkyMUdhbGxYT1daYWJVWnFXbGRLZG1JeWRHWmpSMncwV2xkNFpscFlXbXhpYmxKMldESkdhbHBZVG5waU1UbDNXbGhLZW1JeU5XaGlSMncyV1ZkU2RrbHFjSFZrVjNoelRFTktjR0p1VW14YU0wcG9XVEpHZGxneVdtaFpNbFpwWWpJNWNsZ3pRbkJsUjFaeldESldNbHBYTlRCaWVVazJTV3hDYUZveVZsZGhWMVl6U1dsM2FXRlhOVEJhVjJSNVdWZE9hR0l4T1cxWlYwNXNXVzA1ZG1FeE9YZGhXR2hzWWtZNWJHUnRWblZrUnpsbVkwZFdlV015T1hWWlYzaHdaVzFHYTJKNVNUWmlibFp6WWtOM2FXRlhOVEJhVjJSNVdWZE9hR0l4T1cxWlYwNXNXVzA1ZG1FeE9YZGhXR2hzWWtZNWJHUnRWblZrUnpsbVdUSTVkV1JIVmpGYVJ6bG1aRzFHYzJJelNXbFBiVFV4WWtkM2MwbHRiSFZrUjFadVkyMUdhbGxYT1daYWJVWnFXbGRLZG1JeWRHWmpSMncwV2xkNFpscFlXbXhpYmxKMldESk9kbUp1VW14a1YxSjJXREl4ZGxwWFVtaEphbTlwVFVOS09YY3lSekpoVjFaV1lXNTRNVTFsYURObFpYWmhiVWhsZVVwd1drWTVia2xxYjJsUFJFazFUbnBuYVV4RFNuQmFSamwzV1Zka2NHSnRSV2xQYVVsNlQwUk5NMDFxVFdsTVEwcHdXa1k1YTJJeU1YQmliV3gyU1dwdmFVMVVUVEZOUkdzd1NXbDNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPVEJpTW5Sc1ltbEpObUp1Vm5OaVEzZHBZVmMxTUZwWFpIbFpWMDVvWWpFNWJWbFhUbXhaYlRsMllURTVkMkZZYUd4aVJqbHZXVmRLY0dKSGJEQlpXRWxwVDIwMU1XSkhkM05KYld4MVpFZFdibU50Um1wWlZ6bG1XbTFHYWxwWFNuWmlNblJtWTBkc05GcFhlR1phV0Zwc1ltNVNkbGd6VW14ak0xSnNTV3B3ZFdSWGVITk1RMHB3WW01U2JGb3pTbWhaTWtaMldESmFhRmt5Vm1saU1qbHlXRE5DY0dWSFZuTkphbkIxWkZkNGMweERTbkJpYmxKc1dqTkthRmt5Um5aWU1scG9XVEpXYVdJeU9YSllNMEp3WlVkV2MxZ3lWakphVnpVd1lqRTVhRmt5Vm5wak1qaHBUMmxLVVZsWFpHeFdiV3hzWkhsSiIsImMiOiIifQ== HTTP/1.1
Host: r3-pages-views.greatpages.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://page-meta-support-id85475783.pages.net.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 12:40:20 GMT
content-type: application/json
content-length: 31
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82e328871c1bb512-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.greatsoftwares.com.br/arquivos/paginas/82978-ce8b440cdb1bcaa9a141219d24df8bc7.png

172.64.149.117

200 OK

2.6 kB

URL GET HTTP/2
cdn.greatsoftwares.com.br/arquivos/paginas/82978-ce8b440cdb1bcaa9a141219d24df8bc7.png
IP
172.64.149.117:443
ASN
#13335 CLOUDFLARENET

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerGoogle Trust Services LLC
Subjectgreatsoftwares.com.br
Fingerprint67:7E:DB:D2:DC:14:C7:7B:17:48:17:20:56:DB:AB:72:C3:C7:85:09
ValidityFri, 13 Oct 2023 04:27:26 GMT - Thu, 11 Jan 2024 04:27:25 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.6 kB (2636 bytes)
Hash
f69dc58741d09324a5e3e7fe3ffdf8ea
af03d6613bd1704809d346079b412f4145cae826
1ffc0e9f90ab9b61e79447fb17552cd542aa452da3e3950e07843df5599c6d1d

HTTP Headers

GET /arquivos/paginas/82978-ce8b440cdb1bcaa9a141219d24df8bc7.png HTTP/1.1
Host: cdn.greatsoftwares.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://page-meta-support-id85475783.pages.net.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 12:40:20 GMT
content-type: image/webp
content-length: 2636
access-control-allow-origin: *
access-control-expose-headers: Content-Type
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=6636
content-disposition: inline; filename="82978-ce8b440cdb1bcaa9a141219d24df8bc7.webp"
etag: "22746a00bd1421be001d8404d48ecbc9"
expires: Fri, 29 Nov 2024 12:40:20 GMT
last-modified: Wed, 29 Nov 2023 09:58:58 GMT
vary: Accept
x-guploader-uploadid: ABPtcPoNLc_uowe9gYGj8DPbt6hGVoOiAUmBSI2de_VLYpzDwQHlxA_O6nLp_5pxL030OzTjgkpzqBsPlw
x-goog-generation: 1701251938457990
x-goog-hash: crc32c=LwDfqg==, md5=InRqAL0UIb4AHYQE1I7LyQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6636
cf-cache-status: HIT
age: 51
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 82e3288818d8b4eb-OSL
X-Firefox-Spdy: h2

cdn.greatpages.com.br/page-meta-support-id85475783.pages.net.br-1/1701252138/imagens/desktop/383723_1_170125086256028658.jpg

104.17.208.68

200 OK

6.2 kB

URL GET HTTP/1.1
cdn.greatpages.com.br/page-meta-support-id85475783.pages.net.br-1/1701252138/imagens/desktop/383723_1_170125086256028658.jpg
IP
104.17.208.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerCloudflare, Inc.
Subjectcdn.greatpages.com.br
Fingerprint9B:D2:8E:A4:5F:CB:B0:36:7A:59:81:61:C2:F1:2D:E7:A1:5F:DB:B6
ValidityTue, 19 Sep 2023 00:00:00 GMT - Wed, 18 Sep 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 436x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.2 kB (6230 bytes)
Hash
d3378b8dc76801580c648d027879d266
78db39e409dd8dc5403b0c4adac671d823a46ffd
d98336f5698b40c0c63d42fcf27bbc1c106f2816f11090dfb0c41afae5678706

HTTP Headers

GET /page-meta-support-id85475783.pages.net.br-1/1701252138/imagens/desktop/383723_1_170125086256028658.jpg HTTP/1.1
Host: cdn.greatpages.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://page-meta-support-id85475783.pages.net.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 30 Nov 2023 12:40:20 GMT
Content-Type: image/webp
Content-Length: 6230
Connection: keep-alive
Cf-Bgj: imgq:85,h2pri
Cf-Polished: qual=85, origFmt=jpeg, origSize=10000
Content-Disposition: inline; filename="383723_1_170125086256028658.webp"
ETag: "9769b79b12a774b104ddcc86e897ae7f"
Last-Modified: Wed, 29 Nov 2023 10:02:19 GMT
Vary: Accept
CF-Cache-Status: HIT
Age: 50
Expires: Fri, 29 Nov 2024 12:40:20 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 82e328890d5b56a8-OSL
alt-svc: h3=":443"; ma=86400

www.url.zip/a718dae/

76.76.21.142

308 Permanent Redirect

1.0 MB

URL User Request GET HTTP/2
www.url.zip/a718dae/
IP
76.76.21.142:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectwww.url.zip
FingerprintEE:41:39:B5:8C:E1:B2:99:6B:86:C7:04:3D:B2:8F:CE:6E:D8:DE:4C
ValidityMon, 27 Nov 2023 16:13:44 GMT - Sun, 25 Feb 2024 16:13:43 GMT

File type
data
Size
1.0 MB (1043825 bytes)
Hash
abed40c38c710728910c61e224c33ac0
ecf6f7bae1452580ff66394efab901bbb1f819b7
5e8bef597dc1291dfe39472695cbd1fd65e90293c9049a33c0d17dc96887394f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a718dae/ HTTP/1.1
Host: www.url.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 308 Permanent Redirect
cache-control: public, max-age=0, must-revalidate
content-type: text/html
date: Thu, 30 Nov 2023 12:40:19 GMT
location: /a718dae
refresh: 0;url=/a718dae
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-id: arn1::nbl97-1701348019176-97a04681cce8
X-Firefox-Spdy: h2

page-meta-support-id85475783.pages.net.br/1

104.18.43.16

200 OK

10 kB

URL User Request GET HTTP/2
page-meta-support-id85475783.pages.net.br/1
IP
104.18.43.16:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectpages.net.br
Fingerprint2A:B8:BD:0E:47:67:1C:F8:0C:AF:EC:13:67:64:73:7E:1D:6D:A3:07
ValiditySat, 14 Oct 2023 21:43:21 GMT - Fri, 12 Jan 2024 21:43:20 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (42612)
Size
10 kB (10143 bytes)
Hash
480a6b0918c89e4a2728df80d7951f2e
29ab69986f78d4c2f05f39306769a2ee0ba062bd
80cd5c97772ab37dc37a11164b6d92d4f0e8f10d9adf2f129638c1589d8736b8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1 HTTP/1.1
Host: page-meta-support-id85475783.pages.net.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 12:40:20 GMT
content-type: text/html
cache-control: max-age=0
great-server: GreatApps
great-service: gpages-r3-pages
set-cookie: __cf_bm=.Dqa6E7oeApnLIhueHeCk69xcdfiRFFfwTFeeJWUlmY-1701348020-0-AcDgDsChNA+D68QSnqRT0oE8rrDylyHyBvscaT80PFMyRaFBoXbDq7dOxsK3PrLoSA4vhY25CD7UYWtsWd4rha8=; path=/; expires=Thu, 30-Nov-23 13:10:20 GMT; domain=.page-meta-support-id85475783.pages.net.br; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e328837eae56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://page-meta-support-id85475783.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:00:58 GMT
expires: Fri, 29 Nov 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 27562
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://page-meta-support-id85475783.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:13:56 GMT
expires: Thu, 28 Nov 2024 21:13:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 55584
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://page-meta-support-id85475783.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 27766
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://page-meta-support-id85475783.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:00:58 GMT
expires: Fri, 29 Nov 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 27562
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

page-meta-support-id85475783.pages.net.br/cdn-cgi/rum?

104.18.43.16

204 No Content

0 B

URL POST HTTP/3
page-meta-support-id85475783.pages.net.br/cdn-cgi/rum?
IP
104.18.43.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerLet's Encrypt
Subjectpages.net.br
Fingerprint2A:B8:BD:0E:47:67:1C:F8:0C:AF:EC:13:67:64:73:7E:1D:6D:A3:07
ValiditySat, 14 Oct 2023 21:43:21 GMT - Fri, 12 Jan 2024 21:43:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: page-meta-support-id85475783.pages.net.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 5866
Origin: https://page-meta-support-id85475783.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://page-meta-support-id85475783.pages.net.br/1
Cookie: __cf_bm=.Dqa6E7oeApnLIhueHeCk69xcdfiRFFfwTFeeJWUlmY-1701348020-0-AcDgDsChNA+D68QSnqRT0oE8rrDylyHyBvscaT80PFMyRaFBoXbDq7dOxsK3PrLoSA4vhY25CD7UYWtsWd4rha8=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Thu, 30 Nov 2023 12:40:21 GMT
access-control-allow-origin: https://page-meta-support-id85475783.pages.net.br
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 82e3288b3c1656c3-OSL
x-frame-options: DENY
x-content-type-options: nosniff

page-meta-support-id85475783.pages.net.br/cdn-cgi/rum?

104.18.43.16

204 No Content

0 B

URL POST HTTP/3
page-meta-support-id85475783.pages.net.br/cdn-cgi/rum?
IP
104.18.43.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerLet's Encrypt
Subjectpages.net.br
Fingerprint2A:B8:BD:0E:47:67:1C:F8:0C:AF:EC:13:67:64:73:7E:1D:6D:A3:07
ValiditySat, 14 Oct 2023 21:43:21 GMT - Fri, 12 Jan 2024 21:43:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: page-meta-support-id85475783.pages.net.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 471
Origin: https://page-meta-support-id85475783.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://page-meta-support-id85475783.pages.net.br/1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Thu, 30 Nov 2023 12:40:35 GMT
access-control-allow-origin: https://page-meta-support-id85475783.pages.net.br
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 82e328e36a2c56c3-OSL
x-frame-options: DENY
x-content-type-options: nosniff

static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

104.16.56.101

200 OK

20 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
IP
104.16.56.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint89:79:35:ED:04:A2:CA:50:F7:9A:B8:FE:DF:A5:0C:B1:F2:E6:DD:E8
ValidityMon, 10 Apr 2023 00:00:00 GMT - Tue, 09 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (19986), with no line terminators
Size
20 kB (19986 bytes)
Hash
dd1d068fdb5fe90b6c05a5b3940e088c
0d96f9df8772633a9df4c81cf323a4ef8998ba59
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

HTTP Headers

GET /beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://page-meta-support-id85475783.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://page-meta-support-id85475783.pages.net.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 12:40:20 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.10.0"
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e32886df49b4ff-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap

142.250.74.106

200 OK

21 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text
Size
21 kB (20880 bytes)
Hash
cfd2bfa9a48d5801a392162c7f5f6974
3605f19972d3d38d04e065e94e4cce99518dfa25
6f87cc6bf2ce4e626bb979716def2d03c0b868f416400c94c9a3a2cb158f708e

HTTP Headers

GET /css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://page-meta-support-id85475783.pages.net.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 30 Nov 2023 12:40:20 GMT
date: Thu, 30 Nov 2023 12:40:20 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.greatpages.com.br/page-meta-support-id85475783.pages.net.br-1/1701252138/imagens/desktop/383723_1_170125116268583421.gif

104.17.208.68

200 OK

1.0 MB

URL GET HTTP/1.1
cdn.greatpages.com.br/page-meta-support-id85475783.pages.net.br-1/1701252138/imagens/desktop/383723_1_170125116268583421.gif
IP
104.17.208.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://page-meta-support-id85475783.pages.net.br/1
Certificate
IssuerCloudflare, Inc.
Subjectcdn.greatpages.com.br
Fingerprint9B:D2:8E:A4:5F:CB:B0:36:7A:59:81:61:C2:F1:2D:E7:A1:5F:DB:B6
ValidityTue, 19 Sep 2023 00:00:00 GMT - Wed, 18 Sep 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1920 x 1080\012- data
Size
1.0 MB (1043703 bytes)
Hash
02ff08d6cc278a935bbd4721bef35f0b
23a2ffc2bbcd4ddebc6f92340ab6bd14fcc8297d
674fc7efd1b68ed594d04be2fdf655c8b74e1ae9b026d4f132e1ae037f3935ff

HTTP Headers

GET /page-meta-support-id85475783.pages.net.br-1/1701252138/imagens/desktop/383723_1_170125116268583421.gif HTTP/1.1
Host: cdn.greatpages.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://page-meta-support-id85475783.pages.net.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 30 Nov 2023 12:40:20 GMT
Content-Type: image/gif
Content-Length: 1043703
Connection: keep-alive
Cf-Bgj: imgq:85,h2pri
Cf-Polished: status=not_needed
ETag: "02ff08d6cc278a935bbd4721bef35f0b"
Last-Modified: Wed, 29 Nov 2023 10:02:20 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 49
Expires: Fri, 29 Nov 2024 12:40:20 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 82e32889098ab51e-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type