urlscan.io scan result: appweb-mall-logln.sp.skdrive.net (131.255.179.253)
Verdict: Malicious Activity! (Public Scan)
Effective URL: https://appweb-mall-logln.sp.skdrive.net/atualize&uol&mail_rlz=1C1KNTJ_pt-BRBR1054BR1054&oq=uol&aqs=69i57j46i131i199i433i465i512j
Submission: On May 22 via manual from BR — Scanned from DE
Summary
TLS certificate: Issued by R3 (Let's Encrypt) on May 11th 2023, eleven days before this scan. Valid for: 3 months. The certificate is a wildcard for *.sp.skdrive.net (see the TLS table below), so a Certificate Transparency search for the full phishing hostname will not return it; search on the parent label instead.
This is the only time appweb-mall-logln.sp.skdrive.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Universo Online (UOL) (Banking)
Domain & IP information
Redirects | Requests | IP Address | AS (Autonomous System)
---|---|---|---
0 | 1 | 13.58.57.95 | 16509 (AMAZON-02)
0 | 1 | 2a00:1450:4001:82f::2008 | 15169 (GOOGLE)
0 | 3 | 2a00:1450:4001:828::200e | 15169 (GOOGLE)
0 | 2 | 2a00:1450:400c:c09::9a | 15169 (GOOGLE)
1 | 1 | 212.127.94.2 | 15851 (WASK-COM WROCMAN-COM non-educational part of WASK network)
1 | 9 | 131.255.179.253 | 264491 (Sonik Servicos de Comunicacao LTDA)
0 | 2 | 2a00:1450:4001:811::2004 | 15169 (GOOGLE)
0 | 2 | 2a00:1450:4001:82a::2003 | 15169 (GOOGLE)
Total: 23 requests | 8 IP addresses
ASN | PTR (reverse DNS) | Hostname
---|---|---
ASN16509 (AMAZON-02, US) | ec2-13-58-57-95.us-east-2.compute.amazonaws.com | uqr.to
ASN15169 (GOOGLE, US) | - | www.googletagmanager.com
ASN15169 (GOOGLE, US) | - | www.google-analytics.com
ASN15851 (WASK-COM WROCMAN-COM non-educational part of WASK network, Wroclaw, Poland, PL) | misha.static.ip.WRO.Korbank.PL | u0ll0gin.node.cloudlets.zone
ASN264491 (Sonik Servicos de Comunicacao LTDA, BR) | 253-179-255-131.soniknet.com.br | appweb-mall-logln.sp.skdrive.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | skdrive.net (1 redirect) | appweb-mall-logln.sp.skdrive.net | 122 KB
3 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 30) | 21 KB
2 | google.de | www.google.de (Cisco Umbrella Rank: 6080) | 515 B
2 | google.com | www.google.com (Cisco Umbrella Rank: 2) | 515 B
2 | doubleclick.net | stats.g.doubleclick.net (Cisco Umbrella Rank: 76) | 413 B
1 | cloudlets.zone (1 redirect) | u0ll0gin.node.cloudlets.zone | 478 B
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 40) | 49 KB
1 | uqr.to | uqr.to (Cisco Umbrella Rank: 313023) | 2 KB
0 | uol.com (failed) | stc.uol.com (failed) | -
0 | imguol.com (failed) | imguol.com (failed) | -
Total: 23 requests | 10 apex domains
Requests | Domain | Requested by
---|---|---
9 | appweb-mall-logln.sp.skdrive.net (1 redirect) | uqr.to, appweb-mall-logln.sp.skdrive.net
3 | www.google-analytics.com | www.googletagmanager.com, uqr.to
2 | www.google.de | -
2 | www.google.com | -
2 | stats.g.doubleclick.net | www.google-analytics.com
1 | u0ll0gin.node.cloudlets.zone (1 redirect) | -
1 | www.googletagmanager.com | uqr.to
1 | uqr.to | -
0 | stc.uol.com (failed) | appweb-mall-logln.sp.skdrive.net
0 | imguol.com (failed) | appweb-mall-logln.sp.skdrive.net
Total: 23 requests | 10 domains
This site contains links to these domains:
Domain
---
email.uol.com.br
uolmailsecurity-001-site1.atempurl.com
Subject | Issuer | Validity | Valid for | CT log
---|---|---|---|---
uqr.to | R3 | 2023-03-29 - 2023-06-27 | 3 months | crt.sh
*.google-analytics.com | GTS CA 1C3 | 2023-04-24 - 2023-07-17 | 3 months | crt.sh
*.g.doubleclick.net | GTS CA 1C3 | 2023-04-24 - 2023-07-17 | 3 months | crt.sh
*.sp.skdrive.net | R3 | 2023-05-11 - 2023-08-09 | 3 months | crt.sh
www.google.com | GTS CA 1C3 | 2023-04-24 - 2023-07-17 | 3 months | crt.sh
www.google.de | GTS CA 1C3 | 2023-04-24 - 2023-07-17 | 3 months | crt.sh
This page contains 1 frame:
Primary Page: https://appweb-mall-logln.sp.skdrive.net/atualize&uol&mail_rlz=1C1KNTJ_pt-BRBR1054BR1054&oq=uol&aqs=69i57j46i131i199i433i465i512j
Frame ID: C0F7E8F37ADBBED19D67486C02749E86
Requests: 23 HTTP requests in this frame
Page Title: E-mail UOL
Detected technologies
- Google Analytics (Analytics), detected pattern: google-analytics\.com/(?:ga|urchin|analytics)\.js
- Google Tag Manager (Tag Managers), detected pattern: googletagmanager\.com/gtm\.js
- jQuery (JavaScript Libraries), detected pattern: jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
- Title: ASSINE JÁ ("Subscribe now")
- Title: ASSINE JÁ ("Subscribe now")
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://uqr.to/1j3xz (Page URL; this hop returned an HTML document, so the jump to the next URL was a client-side redirect)
- https://u0ll0gin.node.cloudlets.zone/links.php (HTTP 302)
- https://appweb-mall-logln.sp.skdrive.net/?763189 (HTTP 302)
- https://appweb-mall-logln.sp.skdrive.net/atualize&uol&mail_rlz=1C1KNTJ_pt-BRBR1054BR1054&oq=uol&aqs=69i57j46i131i199i433i465i512j (Page URL)
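The chain above starts at what appears to be a short-link service (uqr.to), passes through an intermediate redirector on cloudlets.zone and ends on the skdrive.net host. Both attacker-controlled hostnames hide brand words behind character swaps (logln and mall for login and mail; u0ll0gin with zeros for uol plus login), and the final path imitates Google search query parameters (rlz=, oq=, aqs=). The Python below is an added example, not code from urlscan or from the page: it walks a constructed copy of this chain offline, handling HTTP 3xx Location headers as well as meta refresh and location.* client-side redirects, and then checks every hostname in the chain for brand keywords that only appear after confusable folding. The recorded responses are constructed to mirror the four hops; the page does not show Location header values or which client-side mechanism uqr.to used, so the meta refresh and the relative Location on the third hop are assumptions.

```python
"""Offline walk of a phishing redirect chain plus look-alike hostname checks (added example)."""
import re
from urllib.parse import urljoin, urlsplit

FINAL_URL = ("https://appweb-mall-logln.sp.skdrive.net/atualize&uol&mail_rlz=1C1KNTJ_pt-BRBR1054BR1054"
             "&oq=uol&aqs=69i57j46i131i199i433i465i512j")

# Constructed responses mirroring the four hops urlscan recorded. The page shows the uqr.to hop
# as a document load followed by a client-side redirect but not the mechanism, and it shows no
# Location header values; the <meta refresh> and the relative Location below are assumptions.
RECORDED = {
    "https://uqr.to/1j3xz": (200, {}, '<html><head><meta http-equiv="refresh" '
        'content="0;url=https://u0ll0gin.node.cloudlets.zone/links.php"></head></html>'),
    "https://u0ll0gin.node.cloudlets.zone/links.php": (302, {"Location": "https://appweb-mall-logln.sp.skdrive.net/?763189"}, ""),
    "https://appweb-mall-logln.sp.skdrive.net/?763189": (302, {"Location": "/atualize&uol&mail_rlz=1C1KNTJ_pt-BRBR1054BR1054&oq=uol&aqs=69i57j46i131i199i433i465i512j"}, ""),
    FINAL_URL: (200, {}, "<html><head><title>E-mail UOL</title></head></html>"),
}

META_REFRESH = re.compile(r'''<meta[^>]*http-equiv=["']?refresh["']?[^>]*content=["']?\s*\d+\s*;\s*url=\s*([^"'>\s]+)''', re.I)
JS_REDIRECT = re.compile(r'''(?:location\.href\s*=|location\.replace\(|location\.assign\()\s*["']([^"']+)["']''', re.I)


def fetch_recorded(url):
    """Stand-in for an HTTP client; unknown URLs come back as status 0 (no response)."""
    return RECORDED.get(url, (0, {}, ""))


def follow_chain(start, fetch, max_hops=10):
    """Walk redirects from start; each hop records its status and how it moved on (or None)."""
    hops, seen, url = [], set(), start
    while url and len(hops) < max_hops:
        if url in seen:                       # redirect loop: record it and stop
            hops.append({"url": url, "status": None, "redirect": "loop"})
            break
        seen.add(url)
        status, headers, body = fetch(url)
        nxt = how = None
        location = headers.get("Location")
        if 300 <= status < 400 and location:  # server-side redirect; resolve relative targets
            nxt, how = urljoin(url, location), f"HTTP {status}"
        else:                                 # client-side redirect inside a 200 document
            match = META_REFRESH.search(body) or JS_REDIRECT.search(body)
            if match:
                nxt, how = urljoin(url, match.group(1)), "client-side"
        hops.append({"url": url, "status": status, "redirect": how})
        url = nxt
    return hops


def chain_hosts(hops):
    """Distinct hostnames in the order the chain visited them."""
    hosts = []
    for hop in hops:
        name = urlsplit(hop["url"]).hostname
        if name and name not in hosts:
            hosts.append(name)
    return hosts


# Characters commonly swapped into look-alike hostnames; folding both host and keyword to one
# canonical form lets "logln"/"mall" match "login"/"mail" and "u0ll0gin" match "uol" and "login".
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def fold(text):
    return text.lower().translate(FOLD)


def lookalike_hits(host, keywords):
    """Brand keywords present verbatim ('exact') or only after confusable folding ('confusable')."""
    hits, folded_host = [], fold(host)
    for keyword in keywords:
        if keyword.lower() in host.lower():
            hits.append((keyword, "exact"))
        elif fold(keyword) in folded_host:
            hits.append((keyword, "confusable"))
    return hits


if __name__ == "__main__":
    chain = follow_chain("https://uqr.to/1j3xz", fetch_recorded)
    for hop in chain:
        print(hop["status"], hop["url"], "->", hop["redirect"])
    for host in chain_hosts(chain):
        print(host, lookalike_hits(host, ["uol", "login", "mail"]))
```

Swap fetch_recorded for a real HTTP client that does not follow redirects itself and the same walker reproduces a urlscan-style URL history; the folding table is deliberately small, so extend it with the substitutions seen in the kits you track rather than treating it as complete.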
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
# | Method | Protocol | Resource | Host / path | Size | Transfer | Type | MIME type
---|---|---|---|---|---|---|---|---
1 | GET | HTTP/1.1 | 1j3xz | uqr.to/ | 2 KB | 2 KB | Document | text/html
2 | GET | H2 | gtm.js | www.googletagmanager.com/ | 127 KB | 49 KB | Script | application/javascript
3 | GET | H2 | analytics.js | www.google-analytics.com/ | 51 KB | 21 KB | Script | text/javascript
4 | POST | H2 | collect | stats.g.doubleclick.net/j/ | 4 B | 343 B | XHR | text/plain
5 | POST | H2 | collect | stats.g.doubleclick.net/j/ | 4 B | 70 B | XHR | text/plain
6 | GET | H2 | collect | www.google-analytics.com/ | 35 B | 194 B | Image | image/gif
7 | GET | H2 | collect | www.google-analytics.com/ | 35 B | 91 B | Image | image/gif
8 | GET | H2 | atualize&uol&mail_rlz=1C1KNTJ_pt-BRBR1054BR1054&oq=uol&aqs=69i57j46i131i199i433i465i512j (Primary Request, end of the redirect chain) | appweb-mall-logln.sp.skdrive.net/ | 13 KB | 5 KB | Document | text/html
9 | GET | H2 | ga-audiences | www.google.com/ads/ | 42 B | 107 B | Image | image/gif
10 | GET | H2 | ga-audiences | www.google.de/ads/ | 42 B | 107 B | Image | image/gif
11 | GET | H2 | ga-audiences | www.google.com/ads/ | 42 B | 408 B | Image | image/gif
12 | GET | H2 | ga-audiences | www.google.de/ads/ | 42 B | 408 B | Image | image/gif
13 | GET | H2 | main.css | appweb-mall-logln.sp.skdrive.net/index_arquivos/ | 158 KB | 32 KB | Stylesheet | text/css
14 | GET | H2 | jquery.js | appweb-mall-logln.sp.skdrive.net/index_arquivos/ | 82 KB | 29 KB | Script | application/javascript
15 | GET | H2 | partner | appweb-mall-logln.sp.skdrive.net/index_arquivos/ | 827 B | 1 KB | Script | text/plain
16 | GET | - | logo_uolmail2.png | imguol.com/p/g/logos/ | 0 | 0 | (failed) | -
17 | GET | H2 | logo-uol.svg | appweb-mall-logln.sp.skdrive.net/index_arquivos/ | 17 KB | 18 KB | Image | image/svg+xml
18 | GET | H2 | logo-pagseguro.svg | appweb-mall-logln.sp.skdrive.net/index_arquivos/ | 5 KB | 6 KB | Image | image/svg+xml
19 | GET | H2 | logo-uolhost.svg | appweb-mall-logln.sp.skdrive.net/index_arquivos/ | 18 KB | 19 KB | Image | image/svg+xml
20 | GET | H2 | main.js | appweb-mall-logln.sp.skdrive.net/index_arquivos/ | 56 KB | 11 KB | Script | application/javascript
21 | GET | - | uol-text-regular.woff | stc.uol.com/c/webfont/projeto-grafico/uol-font/ | 0 | 0 | (failed) | -
22 | GET | - | uol-text-bold.woff | stc.uol.com/c/webfont/projeto-grafico/uol-font/ | 0 | 0 | (failed) | -
23 | GET | - | uol-text-lighter.woff | stc.uol.com/c/webfont/projeto-grafico/uol-font/ | 0 | 0 | (failed) | -

Size is the decoded body size and Transfer the bytes moved on the wire. The index_arquivos/ directory name is what a pt-BR browser's "Save page as (complete)" produces, and the kit still references UOL's own CDN hosts for fonts and a logo (the failed stc.uol.com and imguol.com requests), which is consistent with the page being a saved copy of the legitimate login page rather than a hand-built clone.
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- imguol.com: https://imguol.com/p/g/logos/logo_uolmail2.png
- stc.uol.com: https://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-regular.woff
- stc.uol.com: https://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-bold.woff
- stc.uol.com: https://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-lighter.woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Universo Online (UOL) (Banking)
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
boolean | credentialless
function | $
function | jQuery
function | mostrar
function | esconder
function | onSubmit
function | onloadCallback
object | osirisUai
function | uolAnalytics
object | universal_variable
object | uolads
object | dnaReady
undefined | dnaRun
object | webpackJsonposiris-frontend
8 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along, so the site can re-identify that user even from a different location. This is how persistent logins work. No expiry was recorded for any of the cookies below.
Domain / Path | Name | Value
---|---|---
uqr.to/ | stat_session2571191 | b8c18c6b-80bf-44de-8973-f550de9a155a
uqr.to/ | device_view | full
.uqr.to/ | _ga | GA1.2.1352210915.1684764912
.uqr.to/ | _gid | GA1.2.2024861691.1684764912
.uqr.to/ | _dc_gtm_UA-18982026-1 | 1
.uqr.to/ | _dc_gtm_UA-18982026-3 | 1
u0ll0gin.node.cloudlets.zone/ | SRVGROUP | common
appweb-mall-logln.sp.skdrive.net/ | SRVGROUP | common
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL / Text
---|---|---
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
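The Content-Security-Policy above is decoration: every fetch directive allows *, script-src adds 'unsafe-inline' and 'unsafe-eval', 'unsafe-inline' in connect-src and img-src has no meaning at all, and frame-ancestors, base-uri and form-action (which never inherit from default-src) are absent. A header this permissive provides exactly the protection of no header, so its presence should not raise a page's trust score in automated triage; the same goes for the Strict-Transport-Security preload directive, which on its own does nothing for a first-time visitor. The Python below is an added example, not urlscan's or the page's own code: it parses a CSP header, applies the default-src fallback rules, and reports which directives restrict anything, using the header recorded above and a constructed strict policy (an assumption, not taken from the page) for contrast.

```python
"""Audit a Content-Security-Policy header for whether it restricts anything (added example)."""

# Header exactly as urlscan recorded it on the phishing page (Security Headers table above).
PHISH_CSP = ("default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; "
             "connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; "
             "style-src * 'unsafe-inline';")

# Constructed strict policy for contrast; an assumption for the demo, not taken from the page.
STRICT_CSP = ("default-src 'self'; script-src 'self' 'nonce-r4nd0m'; object-src 'none'; "
              "base-uri 'self'; frame-ancestors 'none'; form-action 'self'")

WILDCARDS = {"*", "http:", "https:", "http://*", "https://*"}
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
FETCH_DIRECTIVES = ("script-src", "style-src", "connect-src", "frame-src", "img-src", "object-src")
NO_FALLBACK = ("frame-ancestors", "base-uri", "form-action")  # never inherit from default-src


def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}; on duplicates the first wins, as in browsers."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy, directive):
    """Fetch directives fall back to default-src when absent (frame-src's child-src step is omitted)."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src", [])


def audit_csp(header):
    """Return the weaknesses found and whether script loading is actually constrained by origin."""
    policy = parse_csp(header)
    findings = []
    for directive in FETCH_DIRECTIVES:
        srcs = {s.lower() for s in effective_sources(policy, directive)}  # lowercased for keyword tests only
        if not srcs:
            findings.append(f"{directive}: unrestricted (neither {directive} nor default-src is set)")
            continue
        if srcs & WILDCARDS:
            findings.append(f"{directive}: wildcard source allows any origin")
        if "'unsafe-inline'" in srcs:
            if directive in ("script-src", "style-src"):
                # A nonce or hash makes browsers ignore 'unsafe-inline'; without one it is live.
                if not any(s.startswith(NONCE_OR_HASH) for s in srcs):
                    findings.append(f"{directive}: 'unsafe-inline' with no nonce or hash to override it")
            else:
                findings.append(f"{directive}: 'unsafe-inline' has no effect in this directive")
        if directive == "script-src" and "'unsafe-eval'" in srcs:
            findings.append("script-src: 'unsafe-eval' permits eval() and new Function()")
    for directive in NO_FALLBACK:
        if directive not in policy:
            findings.append(f"{directive}: missing (no default-src fallback for this directive)")
    # 'unsafe-eval' alone weakens a policy but still leaves the script origin restriction in place,
    # so only wildcard, unrestricted or live-inline script sources count as "does not restrict".
    script_weak = any(f.startswith("script-src:") and ("wildcard" in f or "nonce" in f or "unrestricted" in f)
                      for f in findings)
    return {"findings": findings, "restricts_scripts": not script_weak}


if __name__ == "__main__":
    for label, header in (("recorded", PHISH_CSP), ("strict", STRICT_CSP)):
        result = audit_csp(header)
        print(f"{label}: restricts scripts = {result['restricts_scripts']}")
        for finding in result["findings"]:
            print("  -", finding)
```

audit_csp returns its findings as data so the check can be wired into a scanner that consumes header dumps like this one; the source-expression grammar is simplified (scheme and host wildcards only, no path matching), which is enough to separate a policy that constrains scripts from one that merely looks like it does.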
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
appweb-mall-logln.sp.skdrive.net
imguol.com
stats.g.doubleclick.net
stc.uol.com
u0ll0gin.node.cloudlets.zone
uqr.to
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
IP addresses:
13.58.57.95
131.255.179.253
212.127.94.2
2a00:1450:4001:811::2004
2a00:1450:4001:828::200e
2a00:1450:4001:82a::2003
2a00:1450:4001:82f::2008
2a00:1450:400c:c09::9a