activermail.j.scaleforce.net
185.141.192.33 (Malicious Activity!)

URL: https://activermail.j.scaleforce.net/
Submission Tags: @phish_report
Submission: On October 01 via api from FI — Scanned from NL

Summary

This website contacted 20 IPs in 7 countries across 13 domains to perform 25 HTTP transactions. The main IP is 185.141.192.33, located in London, United Kingdom and belongs to SHARKTECH, US. The main domain is activermail.j.scaleforce.net.
TLS certificate: Issued by R11 on September 12th 2024. Valid for: 3 months.
This is the only time activermail.j.scaleforce.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Universo Online (UOL) (Banking)

Domain & IP information

Apex domain (requests, transfer) and its subdomains (Cisco Umbrella rank where known):

uol.com.br (10 requests, 50 KB)
  dna.uol.com.br (Cisco Umbrella Rank: 364430)
  tm.uol.com.br (Cisco Umbrella Rank: 81630)
  imgpx.uol.com.br
  udr.uol.com.br (Cisco Umbrella Rank: 92625)
  dna-checker.pagseguro.uol.com.br (Cisco Umbrella Rank: 529653)
  tracker.bt.uol.com.br (Cisco Umbrella Rank: 86261)
scorecardresearch.com (3 requests, 7 KB)
  sb.scorecardresearch.com (Cisco Umbrella Rank: 194)
jsuol.com.br (3 requests, 29 KB)
  tm.jsuol.com.br (Cisco Umbrella Rank: 76917)
  me.jsuol.com.br (Cisco Umbrella Rank: 94708)
tailtarget.com (2 requests, 598 B)
  m.t.tailtarget.com (Cisco Umbrella Rank: 185911)
imguol.com.br (1 request, 16 KB)
  hp.imguol.com.br
convertexperiments.com (1 request, 75 KB)
  cdn-4.convertexperiments.com (Cisco Umbrella Rank: 9476)
adnxs.com (1 request, 581 B)
  ib.adnxs.com (Cisco Umbrella Rank: 292)
google.nl (1 request, 408 B)
  www.google.nl (Cisco Umbrella Rank: 11954)
doubleclick.net (1 request, 562 B)
  stats.g.doubleclick.net (Cisco Umbrella Rank: 152)
google.com (1 request)
  region1.analytics.google.com (Cisco Umbrella Rank: 4111)
googletagmanager.com (1 request, 91 KB)
  www.googletagmanager.com (Cisco Umbrella Rank: 57)
imguol.com (1 request, 5 KB)
  imguol.com (Cisco Umbrella Rank: 113402)
scaleforce.net (1 request, 4 KB)
  activermail.j.scaleforce.net
Total: 25 requests across 13 apex domains
Requests  Domain                                    Requested by
4         tm.uol.com.br                             activermail.j.scaleforce.net
3         sb.scorecardresearch.com (1 redirect)     activermail.j.scaleforce.net
2         m.t.tailtarget.com (1 redirect)           activermail.j.scaleforce.net
2         udr.uol.com.br                            tm.jsuol.com.br
2         tm.jsuol.com.br                           activermail.j.scaleforce.net, tm.jsuol.com.br
1         hp.imguol.com.br
1         tracker.bt.uol.com.br                     activermail.j.scaleforce.net
1         cdn-4.convertexperiments.com              activermail.j.scaleforce.net
1         ib.adnxs.com                              tm.jsuol.com.br
1         www.google.nl                             activermail.j.scaleforce.net
1         stats.g.doubleclick.net                   www.googletagmanager.com
1         region1.analytics.google.com              www.googletagmanager.com
1         dna-checker.pagseguro.uol.com.br
1         www.googletagmanager.com                  me.jsuol.com.br
1         imgpx.uol.com.br                          activermail.j.scaleforce.net
1         me.jsuol.com.br                           activermail.j.scaleforce.net
1         dna.uol.com.br                            activermail.j.scaleforce.net
1         imguol.com                                activermail.j.scaleforce.net
1         activermail.j.scaleforce.net
Total: 25 requests across 19 subdomains

This site contains links to these domains:

regras.uol.com.br
sac.uol.com.br
denuncia.uol.com.br

Subject | Issuer | Validity | Valid for
*.j.scaleforce.net | R11 | 2024-09-12 to 2024-12-11 | 3 months
*.imguol.com | RapidSSL TLS RSA CA G1 | 2024-07-22 to 2025-08-06 | a year
*.jsuol.com.br | Amazon RSA 2048 M03 | 2024-07-03 to 2025-07-31 | a year
dna.uol.com.br | WE1 | 2024-08-11 to 2024-11-10 | 3 months
www.uol.com.br | DigiCert TLS RSA SHA256 2020 CA1 | 2024-09-19 to 2025-03-12 | 6 months
*.uol.com.br | Amazon RSA 2048 M02 | 2024-06-05 to 2025-07-04 | a year
imgpx.uol.com.br | RapidSSL TLS RSA CA G1 | 2023-11-28 to 2024-12-28 | a year
*.google-analytics.com | WR2 | 2024-09-16 to 2024-12-09 | 3 months
pagseguro.uol.com.br | WE1 | 2024-09-24 to 2024-12-23 | 3 months
*.scorecardresearch.com | Sectigo RSA Organization Validation Secure Server CA | 2023-12-11 to 2024-12-10 | a year
*.g.doubleclick.net | WR2 | 2024-08-26 to 2024-11-18 | 3 months
*.google.nl | WR2 | 2024-09-16 to 2024-12-09 | 3 months
*.adnxs.com | GeoTrust ECC CA 2018 | 2024-02-14 to 2025-03-16 | a year
*.convertexperiments.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-11-09 to 2024-11-09 | a year
uol.com | GeoTrust TLS RSA CA G1 | 2024-08-23 to 2025-09-22 | a year

This page contains 4 frames:

Primary Page: https://activermail.j.scaleforce.net/
Frame ID: 425E9AFD8044C8F3F075741D52480A59
Requests: 22 HTTP requests in this frame

Frame: https://tm.uol.com.br/mercurio.html
Frame ID: FBA49D32ECDDE98EEA6004D243316589
Requests: 1 HTTP request in this frame

Frame: https://tm.uol.com.br/purge-clients.html?name=DEretargeting&expname=DEretargetingExp&expdomain=1
Frame ID: 043F77C0EB7C282E79C8D61AC7F8CE2B
Requests: 1 HTTP request in this frame

Frame: https://tm.uol.com.br/purge-clients.html?name=dynad_rt&expname=dynad_rt_exp&expdomain=1
Frame ID: 9BB554CA890E57632296A73BFA9721BC
Requests: 1 HTTP request in this frame

Page Title

E-mail UOL

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 25
HTTPS: 92 %
IPv6: 65 %
Domains: 13
Subdomains: 19
IPs: 20
Countries: 7
Transfer: 277 kB
Size: 935 kB
Cookies: 8

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://sb.scorecardresearch.com/cs/6036356/beacon.js HTTP 302
  • https://sb.scorecardresearch.com/internal-cs/6036356/beacon-ios.js
Request Chain 18
  • https://m.t.tailtarget.com/sync/TT-10162-1/6f5106e09618bd232d9c86bd123a3c2c15693cfaa3b468c41abf55e07b2d0571 HTTP 302
  • https://m.t.tailtarget.com/sync/TT-10162-1/6f5106e09618bd232d9c86bd123a3c2c15693cfaa3b468c41abf55e07b2d0571?check=1

25 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | activermail.j.scaleforce.net/ | 11 KB | 4 KB | Document
General
Full URL
https://activermail.j.scaleforce.net/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.141.192.33 London, United Kingdom, ASN46844 (SHARKTECH, US),
Reverse DNS
185-141-192-33.dc1.lon.uk.scaleforce.net
Software
openresty /
Resource Hash
2d15fdd432c080e29ad306c7aea3c963343fe150e1043edb1cdc33466dea009d
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
3109
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-origin
date
Tue, 01 Oct 2024 15:52:55 GMT
etag
"2b18-623661c052700-gzip"
last-modified
Tue, 01 Oct 2024 08:28:44 GMT
permissions-policy
geolocation=(self), payment=(self)
referrer-policy
strict-origin-when-cross-origin
server
openresty
strict-transport-security
max-age=15811200
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-resolver-ip
185.141.192.33
x-xss-protection
1; mode=block;
logo_uolmail2.png | imguol.com/p/g/logos/ | 5 KB | 5 KB | Image
General
Full URL
https://imguol.com/p/g/logos/logo_uolmail2.png
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2804:49c:3102:405:ffff:ffff:ffff:7 , Brazil, ASN15201 (Universo Online S.A., BR),
Reverse DNS
Software
nginx /
Resource Hash
b75d97768deedde2829838149f82856789465d957771f78e54644a876626d262

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

cache-control
max-age=86400
etag
"8b870a78dd6243d8cd57b8a7aa18351d"
age
143470
expires
Mon, 07 Oct 2024 00:01:46 GMT
accept-ranges
bytes
x-cache
HIT
content-length
5247
date
Tue, 01 Oct 2024 15:52:56 GMT
content-type
image/png
last-modified
Wed, 28 Apr 2021 14:47:08 GMT
server
nginx
uoltm.js | tm.jsuol.com.br/ | 74 KB | 18 KB | Script
General
Full URL
https://tm.jsuol.com.br/uoltm.js?id=ouy6ez
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2761:3000:6:9eb2:5cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
marrakesh 1.23.0 /
Resource Hash
8215eb90b2ba2320f0374d7f10190377d5b1d5b65d3077b7fec0f1fa75200dc0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

cache-control
no-transform, max-age=3600, must-revalidate, proxy-revalidate, must-revalidate, proxy-revalidate, no-transform
content-encoding
gzip
etag
704701f43e30c983703562bbed1830c9
via
1.1 d25e4a27039adc5d5e5994e9610df300.cloudfront.net (CloudFront)
expires
Tue, 01 Oct 2024 16:52:55 GMT
x-cache
Miss from cloudfront
content-length
17412
x-amz-cf-id
x7JkxEk-UVtgPi2ccRFnciCPUGAJ3Zm--DD3naM-E5wD3xghGeXdQg==
date
Tue, 01 Oct 2024 15:52:55 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 30 Aug 2024 19:06:48 GMT
server
marrakesh 1.23.0
x-amz-cf-pop
FRA60-P8
vary
Accept-Encoding
dna.min.js | dna.uol.com.br/js/ | 157 KB | 47 KB | Script
General
Full URL
https://dna.uol.com.br/js/dna.min.js
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.3.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ecbd019f0900cc8cdd11f7f7953ec3f4a6afc68d0ba35b331932cd1931cd1467
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-request-id
80c742195e2edda2905bd0862bc4705c
cache-control
max-age=3600
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"667e2cae-272e1"
x-content-type-options
nosniff
cf-ray
8cbd9f676f85b981-AMS
expires
Tue, 01 Oct 2024 16:52:56 GMT
date
Tue, 01 Oct 2024 15:52:56 GMT
content-type
application/javascript
last-modified
Fri, 28 Jun 2024 03:23:26 GMT
vary
Accept-Encoding
server
cloudflare
platcorpseguranca.js | me.jsuol.com.br/aud/ | 18 KB | 8 KB | Script
General
Full URL
https://me.jsuol.com.br/aud/platcorpseguranca.js
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e300::5f64:9252 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2938977098fcd9150adbfd5a2dc30254578d9b88ba24507ecbd22250aabdef1d

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

cache-control
no-transform, must-revalidate, proxy-revalidate, max-age=3547
content-encoding
gzip
etag
8a9ebc3ef44359f62434a9e364e95e3e
server-timing
cdn-cache; desc=MISS, edge; dur=55, origin; dur=795, ak_p; desc="1727797975866_1600426574_103185949_85010_1298_28_60_146";dur=1
akamai-cache-status
Miss from child, Miss from parent
content-length
7366
date
Tue, 01 Oct 2024 15:52:56 GMT
akamai-grn
0.4e92645f.1727797975.6267e1d
last-modified
Fri, 06 Sep 2024 14:08:40 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
dmp-uol-sync.js | tm.uol.com.br/modules/ | 0 | 558 B | Script
General
Full URL
https://tm.uol.com.br/modules/dmp-uol-sync.js
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:237d:d600:6:5b96:3f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
marrakesh 1.16.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

x-amz-cf-id
qoqs_n9couN5EzVTBc2dNIp-viNLTG2mAN_iJ8wEocVIfl_GOaUang==
cache-control
no-transform, max-age=600, must-revalidate, proxy-revalidate, must-revalidate, proxy-revalidate, no-transform
content-encoding
gzip
etag
3970e82605c7d109bb348fc94e9eecc0
via
1.1 3fbcd51d3039c17ef404823aaeb1f66c.cloudfront.net (CloudFront)
expires
Tue, 01 Oct 2024 16:02:56 GMT
x-cache
Miss from cloudfront
content-length
20
p3p
CP="NOI DSP COR NID TAIa OUR IND COM NAV INT CNT"
date
Tue, 01 Oct 2024 15:52:56 GMT
content-type
application/javascript; charset=utf-8
last-modified
Sun, 29 Sep 2024 01:33:31 GMT
server
marrakesh 1.16.6
x-amz-cf-pop
MUC50-P2
vary
Accept-Encoding
img.png | imgpx.uol.com.br/ | 69 B | 435 B | Image
General
Full URL
https://imgpx.uol.com.br/img.png?x=&y=366357375371377371372357365301365353361364371302371372367370357303336370367356373372367371341367364303353355357371371367303&w=305311&h=366371353
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
200.147.66.10 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS
Software
nginx /
Resource Hash
1280e8de649805526731cc11672b0479f5ca25d9bd7ebf7a3375f8a9c966205e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
Cache-Control
max-age=3600
Connection
keep-alive
X-Content-Type-Options
nosniff
Expires
Tue, 01 Oct 2024 16:52:56 GMT
Content-Length
69
Date
Tue, 01 Oct 2024 15:52:56 GMT
Content-Type
image/png
Content-Disposition
attachment; filename=img.png
Server
nginx
mercurio.html | tm.uol.com.br/ (Frame FBA4) | 0 | 0 | Document
General
Full URL
https://tm.uol.com.br/mercurio.html
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:237d:3e00:6:5b96:3f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
marrakesh 1.16.6 /
Resource Hash

Request headers

Referer
https://activermail.j.scaleforce.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

cache-control
no-transform, max-age=600, must-revalidate, proxy-revalidate must-revalidate, proxy-revalidate, no-transform
content-encoding
gzip
content-length
173
content-type
text/html;charset=UTF-8
date
Tue, 01 Oct 2024 15:52:56 GMT
etag
ba5203ce522cc70a434e9a70452ca145
expires
Tue, 01 Oct 2024 16:02:56 GMT
last-modified
Fri, 07 May 2021 13:45:52 GMT
p3p
CP="NOI DSP COR NID TAIa OUR IND COM NAV INT CNT"
server
marrakesh 1.16.6
vary
Accept-Encoding
via
1.1 ef6c1b0d6b04f2b7f81eb00fa448b890.cloudfront.net (CloudFront)
x-amz-cf-id
3A6qKaV9LK-Bfps3VC_aFKy4XOpqHKEfmTOiURBZbRFo1zJoX-Ipbw==
x-amz-cf-pop
MUC50-P2
x-cache
Miss from cloudfront
dmp-uol-sync.js | tm.jsuol.com.br/modules/ | 12 KB | 4 KB | Script
General
Full URL
https://tm.jsuol.com.br/modules/dmp-uol-sync.js
Requested by
Host: tm.jsuol.com.br
URL: https://tm.jsuol.com.br/uoltm.js?id=ouy6ez
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2761:3000:6:9eb2:5cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
marrakesh 1.23.0 /
Resource Hash
0d234dd432ae51be7577452d705afe97d7ca4bb340fc79d295e13cd51c8b1657

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

cache-control
no-transform, max-age=3600, must-revalidate, proxy-revalidate, must-revalidate, proxy-revalidate, no-transform
content-encoding
gzip
etag
34c2bc6bed13a9007c853ab542e20c3c
via
1.1 d25e4a27039adc5d5e5994e9610df300.cloudfront.net (CloudFront)
expires
Tue, 01 Oct 2024 16:52:56 GMT
x-cache
Miss from cloudfront
content-length
3825
x-amz-cf-id
-03PpsuCkgZA24vVSKJcXwpQdy4R176wDANzG9ekE29zz31Hz6zL2g==
date
Tue, 01 Oct 2024 15:52:56 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 17 Sep 2024 19:30:48 GMT
server
marrakesh 1.23.0
x-amz-cf-pop
FRA60-P8
vary
Accept-Encoding
/ | udr.uol.com.br/ | 142 B | 626 B | Fetch
General
Full URL
https://udr.uol.com.br/
Requested by
Host: tm.jsuol.com.br
URL: https://tm.jsuol.com.br/modules/dmp-uol-sync.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225b:ba00:1:bcff:6780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
awselb/2.0 /
Resource Hash
e011d1a4d11439df1f320232a2345479fd3233c85e46a1b855506972913e2901

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET, POST
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
access-control-allow-origin
https://activermail.j.scaleforce.net
x-cache
Miss from cloudfront
content-length
142
x-amz-cf-id
f5Rw44Hu1wp-mQOaNLPUwVyT7rHOvZEsSHjuiTcbgmPnrpnJC6idKw==
date
Tue, 01 Oct 2024 15:52:57 GMT
content-type
application/json
vary
Origin,cache-max-age
server
awselb/2.0
x-amz-cf-pop
MUC50-P1
/ | udr.uol.com.br/ | 142 B | 626 B | Fetch
General
Full URL
https://udr.uol.com.br/?scopes=base-assinantes,user-preferences,corporate,inscriptions,base-assinantes-pd-host-bol-user,clusters-conteudo,origem-sessoes,tabela-dinamica-clusters-conteudo,ca-apostas-2024,ca-apostas-v2-2024,teste-evino,ca-tim-usuarios-sete-acessos,ca-look-alike-v1
Requested by
Host: tm.jsuol.com.br
URL: https://tm.jsuol.com.br/modules/dmp-uol-sync.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225b:ba00:1:bcff:6780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
awselb/2.0 /
Resource Hash
c007970265455ea6ebdb3bf66190bc2bd844a90f40c41344d599ef32f6326831

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET, POST
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
access-control-allow-origin
https://activermail.j.scaleforce.net
x-cache
Miss from cloudfront
content-length
142
x-amz-cf-id
ljE2wQwURXvM_o7hH4AI83K4sHBRxA6wCL_DJ87Pj26W3RO7YY6qtQ==
date
Tue, 01 Oct 2024 15:52:57 GMT
content-type
application/json
vary
Origin,cache-max-age
server
awselb/2.0
x-amz-cf-pop
MUC50-P1
js | www.googletagmanager.com/gtag/ | 256 KB | 91 KB | Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-VPCVHFY8FT
Requested by
Host: me.jsuol.com.br
URL: https://me.jsuol.com.br/aud/platcorpseguranca.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
89fa76b5956d15e2979f983afd5f3cc0efb76fd284858d9e76a2f29205ae13cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Tue, 01 Oct 2024 15:52:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 01 Oct 2024 15:52:56 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
92495
x-xss-protection
0
server
Google Tag Manager
beacon-ios.js | sb.scorecardresearch.com/internal-cs/6036356/ | 17 KB | 6 KB | Script
Redirect Chain
  • https://sb.scorecardresearch.com/cs/6036356/beacon.js
  • https://sb.scorecardresearch.com/internal-cs/6036356/beacon-ios.js
General
Full URL
https://sb.scorecardresearch.com/internal-cs/6036356/beacon-ios.js
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Server
52.85.65.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-65-76.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
81d4daac1053397fa7fab4c289004a6e60ea70675f6f67c6009f51548cf7ab49

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

vary
Accept-Encoding
cache-control
max-age=86400
content-encoding
gzip
etag
W/"a58adca31d122da5b2f4d67b79ad988b"
age
1359
via
1.1 2f720540a1a9a4394a2f93dffd5c0e5c.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
ieSl9prRFk6AEtbTLmi2miCCEqgyDaretqYLKqGJh7A9tmjntNvWsQ==
date
Tue, 01 Oct 2024 15:33:22 GMT
content-type
application/javascript
last-modified
Wed, 07 Aug 2024 16:23:26 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P6
x-amz-server-side-encryption
AES256

Redirect headers

location
/internal-cs/6036356/beacon-ios.js
accept-ch
UA, Platform, Arch, Model, Mobile
via
1.1 2f720540a1a9a4394a2f93dffd5c0e5c.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
QTsGw6NIOffruHaLJBM5RrHjftndYC27rMVjhBS-u2yC7M8F_yQETg==
date
Tue, 01 Oct 2024 15:52:56 GMT
x-amz-cf-pop
MUC50-P6
bhr.js | dna-checker.pagseguro.uol.com.br/ | 29 B | 504 B | Script
General
Full URL
https://dna-checker.pagseguro.uol.com.br/bhr.js?v=0.1.89
Requested by
Host:
URL: dna.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.14.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e787af995b842a676901ade5af3d5b2ef18a1e6b0dd4000dfc50bd0adcc3f6d4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
cache-control
public, max-age=0
cf-cache-status
DYNAMIC
etag
W/"1d-191dd1fa7c8"
x-content-type-options
nosniff
cf-ray
8cbd9f6deab466d5-AMS
x-response-time
1.760ms
accept-ranges
bytes
content-length
29
date
Tue, 01 Oct 2024 15:52:57 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 10 Sep 2024 18:08:45 GMT
server
cloudflare
b | sb.scorecardresearch.com/ | 0 | 226 B | Image
General
Full URL
https://sb.scorecardresearch.com/b?c1=2&c2=6036356&cs_fpcu=f6dada8627184b899f2c70828d23d571&cs_it=m9&cv=4.7.0%2B2408011050&ns__t=1727797977033&ns_c=UTF-8&cs_cfg=111&c7=https%3A%2F%2Factivermail.j.scaleforce.net%2F&c8=E-mail%20UOL&c9=
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.65.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-65-76.muc50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

via
1.1 2f720540a1a9a4394a2f93dffd5c0e5c.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
EbnG3vwUXljD3Yhhkcy9hhkvZF5muY6uC-k0e6kNfLX3tSS8QcZ4vw==
date
Tue, 01 Oct 2024 15:52:57 GMT
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
MUC50-P6
collect | region1.analytics.google.com/g/ | 0 | 0 | Fetch
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-VPCVHFY8FT&gtm=45je49u0v897314440za200&_p=1727797976799&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101686685~101747727&cid=462650860.1727797977&ul=nl-nl&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1727797977&sct=1&seg=0&dl=https%3A%2F%2Factivermail.j.scaleforce.net%2F&dt=E-mail%20UOL&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.uol_property_id=343114192&up.pseudo_id=none&up.cookie_consent=none&up.login_widget=deslogado&tfd=1453
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VPCVHFY8FT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://activermail.j.scaleforce.net
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 01 Oct 2024 15:52:57 GMT
content-type
text/plain
server
Golfe2
collect | stats.g.doubleclick.net/g/ | 0 | 562 B | Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-VPCVHFY8FT&cid=462650860.1727797977&gtm=45je49u0v897314440za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101671035~101686685~101747727
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VPCVHFY8FT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://activermail.j.scaleforce.net
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 01 Oct 2024 15:52:57 GMT
content-type
text/plain
server
Golfe2
ga-audiences | www.google.nl/ads/ | 42 B | 408 B | Image
General
Full URL
https://www.google.nl/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-VPCVHFY8FT&cid=462650860.1727797977&gtm=45je49u0v897314440za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101671035~101686685~101747727&tag_exp=101671035~101686685~101747727&z=2141725292
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Tue, 01 Oct 2024 15:52:57 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
getuidj | ib.adnxs.com/ | 11 B | 581 B | Fetch
General
Full URL
https://ib.adnxs.com/getuidj
Requested by
Host: tm.jsuol.com.br
URL: https://tm.jsuol.com.br/modules/dmp-uol-sync.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
31.204.150.111; 31.204.150.111; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
https://activermail.j.scaleforce.net
an-x-request-uuid
e85da443-9252-4128-acac-6a3ecfebab51
content-length
11
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Tue, 01 Oct 2024 15:52:57 GMT
x-xss-protection
0
content-type
application/json; charset=utf-8
server
nginx/1.23.4
6f5106e09618bd232d9c86bd123a3c2c15693cfaa3b468c41abf55e07b2d0571
m.t.tailtarget.com/sync/TT-10162-1/
Redirect Chain
  • https://m.t.tailtarget.com/sync/TT-10162-1/6f5106e09618bd232d9c86bd123a3c2c15693cfaa3b468c41abf55e07b2d0571
  • https://m.t.tailtarget.com/sync/TT-10162-1/6f5106e09618bd232d9c86bd123a3c2c15693cfaa3b468c41abf55e07b2d0571?check=1
43 B
129 B
Image
General
Full URL
https://m.t.tailtarget.com/sync/TT-10162-1/6f5106e09618bd232d9c86bd123a3c2c15693cfaa3b468c41abf55e07b2d0571?check=1
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Server
34.102.185.99 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
99.185.102.34.bc.googleusercontent.com
Software
nginx/1.17.8 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

cache-control
private, proxy-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
date
Tue, 01 Oct 2024 15:52:57 GMT
content-type
image/gif
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
nginx/1.17.8

Redirect headers

cache-control
private, proxy-revalidate
location
https://m.t.tailtarget.com/sync/TT-10162-1/6f5106e09618bd232d9c86bd123a3c2c15693cfaa3b468c41abf55e07b2d0571?check=1
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
145
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Tue, 01 Oct 2024 15:52:57 GMT
content-type
text/html
server
nginx/1.17.8
10045931-10046043.js
cdn-4.convertexperiments.com/js/
252 KB
75 KB
Script
General
Full URL
https://cdn-4.convertexperiments.com/js/10045931-10046043.js
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e300:18e::14a9 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
06f68303ad2d35faacb5f3e8b7501d2aced4dd067051be7b7864e00c3ed90355

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

access-control-max-age
86400
cache-control
public, max-age=300
content-encoding
gzip
access-control-allow-methods
GET,HEAD,POST,OPTIONS
expires
Tue, 01 Oct 2024 15:57:57 GMT
access-control-allow-origin
*
date
Tue, 01 Oct 2024 15:52:57 GMT
content-type
application/javascript
vary
Accept-Encoding
access-control-allow-headers
*
partner
tracker.bt.uol.com.br/
0
546 B
Script
General
Full URL
https://tracker.bt.uol.com.br/partner?source=tagmanager
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2804:49c:3101:401:ffff:ffff:ffff:52 , Brazil, ASN15201 (Universo Online S.A., BR),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache
Connection
close
Expires
Tue, 01 Oct 2024 15:52:57 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID TAIa OUR IND COM NAV INT CNT"
Date
Tue, 01 Oct 2024 15:52:58 GMT
Content-Type
application/javascript;charset=utf-8
Server
nginx
purge-clients.html
tm.uol.com.br/ Frame 043F
0
0
Document
General
Full URL
https://tm.uol.com.br/purge-clients.html?name=DEretargeting&expname=DEretargetingExp&expdomain=1
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:237d:3e00:6:5b96:3f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
marrakesh 1.23.0 /
Resource Hash

Request headers

Referer
https://activermail.j.scaleforce.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

cache-control
no-transform, max-age=600, must-revalidate, proxy-revalidate must-revalidate, proxy-revalidate, no-transform
content-encoding
gzip
content-length
182
content-type
text/html;charset=UTF-8
date
Tue, 01 Oct 2024 15:52:57 GMT
etag
8b30191927f0982283d45c76292da712
expires
Tue, 01 Oct 2024 16:02:57 GMT
last-modified
Sun, 04 Aug 2024 16:30:45 GMT
p3p
CP="NOI DSP COR NID TAIa OUR IND COM NAV INT CNT"
server
marrakesh 1.23.0
vary
Accept-Encoding
via
1.1 ef6c1b0d6b04f2b7f81eb00fa448b890.cloudfront.net (CloudFront)
x-amz-cf-id
nahdbGn5a4TRVrqZ_7X9j1Pt_o7e6DBLF77XVhgz3au9YFxLbjGhzA==
x-amz-cf-pop
MUC50-P2
x-cache
Miss from cloudfront
purge-clients.html
tm.uol.com.br/ Frame 9BB5
0
0
Document
General
Full URL
https://tm.uol.com.br/purge-clients.html?name=dynad_rt&expname=dynad_rt_exp&expdomain=1
Requested by
Host: activermail.j.scaleforce.net
URL: https://activermail.j.scaleforce.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:237d:3e00:6:5b96:3f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
marrakesh 1.23.0 /
Resource Hash

Request headers

Referer
https://activermail.j.scaleforce.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

cache-control
no-transform, max-age=600, must-revalidate, proxy-revalidate must-revalidate, proxy-revalidate, no-transform
content-encoding
gzip
content-length
182
content-type
text/html;charset=UTF-8
date
Tue, 01 Oct 2024 15:52:57 GMT
etag
8b30191927f0982283d45c76292da712
expires
Tue, 01 Oct 2024 16:02:57 GMT
last-modified
Thu, 15 Jun 2023 09:25:10 GMT
p3p
CP="NOI DSP COR NID TAIa OUR IND COM NAV INT CNT"
server
marrakesh 1.23.0
vary
Accept-Encoding
via
1.1 ef6c1b0d6b04f2b7f81eb00fa448b890.cloudfront.net (CloudFront)
x-amz-cf-id
sikSUvh3TH1StFXIoUxd5luI-nboM__8TjN1Xw5B7u7p5yC1Vf37xQ==
x-amz-cf-pop
MUC50-P2
x-cache
Miss from cloudfront
favico.ico
hp.imguol.com.br/c/home/layout/camaleao/favico/
133 KB
16 KB
Other
General
Full URL
https://hp.imguol.com.br/c/home/layout/camaleao/favico/favico.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e300::5f64:9240 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8858dccff58b1764c2f1af0b2d90ecda7f5f9ba0886bab76f9f8522e337d331c

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://activermail.j.scaleforce.net/

Response headers

cache-control
max-age=13079
content-encoding
gzip
etag
"2159e-5bf3aa1ac8739"
access-control-allow-credentials
true
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
akamai-cache-status
Miss from child, Miss from parent
content-length
15567
date
Tue, 01 Oct 2024 15:53:00 GMT
akamai-grn
0.3c92645f.1727797979.380f073f
content-type
image/x-icon
last-modified
Mon, 05 Apr 2021 14:37:05 GMT
vary
Accept-Encoding
access-control-allow-headers
X-Accept-Charset,X-Accept,Content-Type,Cache-Control,Etag

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Universo Online (UOL) (Banking)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
object 0
object 1
object 2
object UOLPD
function triggerUOLTM
object DnaUOL
object _$
function hitOmniturePhoto
function hitOmniture
object dataLayer
function gtag
function uolAnalytics
object _comscore
object COMSCORE
object ns_
object ns_p
object google_tag_manager
object google_tag_data
object gaGlobal
object convertData
object matched
function REED_$
object REED
object convert
object _conv_q

8 Cookies

Domain/Path Name / Value
activermail.j.scaleforce.net/ Name: ROUTEID
Value: .1
activermail.j.scaleforce.net/ Name: _scor_uid
Value: f6dada8627184b899f2c70828d23d571
.activermail.j.scaleforce.net/ Name: _ga_VPCVHFY8FT
Value: GS1.1.1727797977.1.0.1727797977.60.0.0
.activermail.j.scaleforce.net/ Name: _ga
Value: GA1.1.462650860.1727797977
.udr.uol.com.br/ Name: UOLID
Value: 25fabbe0-3c64-4534-ba6c-6fe97b4b9160|0
.t.tailtarget.com/ Name: u
Value: fwAAAWb8GtlDZQbfGvw5AgB=
.t.tailtarget.com/ Name: _ssc
Value: y
.pagseguro.uol.com.br/ Name: __cf_bm
Value: EqISgc8whCJtH.1D1zPhRk5ye7.QyHJbz2Fi5F.gM0E-1727797977-1.0.1.1-P14uIxtXiT1iBi3BA.z5jbic81rX6TxL4tEmzNnjHRqwWnChwpWsg.x8Y.zo.Pvr1kmy.CfNGZYnrkLti2505A

2 Console Messages

Source Level URL Text
security warning URL: https://tm.jsuol.com.br/uoltm.js?id=ouy6ez
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://tm.uol.com.br') does not match the recipient window's origin ('https://activermail.j.scaleforce.net').
security warning URL: https://tm.jsuol.com.br/uoltm.js?id=ouy6ez
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://tm.uol.com.br') does not match the recipient window's origin ('https://activermail.j.scaleforce.net').

Security Headers

This section lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
