loginn-terrraa-maiil-7971191.hidora.com
45.66.221.1 - Malicious Activity!

Submitted URL: https://re-dir-env-2747197.hidora.com/
Effective URL: https://loginn-terrraa-maiil-7971191.hidora.com/
Submission Tags: @phish_report
Submission: On December 12 via api from FI — Scanned from CH

Summary

This website contacted 4 IPs in 5 countries across 5 domains to perform 7 HTTP transactions. The main IP is 45.66.221.1, located in Switzerland and belongs to Hidora HIDORA SA, CH. The main domain is loginn-terrraa-maiil-7971191.hidora.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on July 27th 2024. Valid for: a year.
This is the only time loginn-terrraa-maiil-7971191.hidora.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Terra (Telecommunication)

Domain & IP information

IP Address         AS / Autonomous System    Requests
45.66.221.1        56798 (Hidora HI...)      4
104.17.112.233     13335 (CLOUDFLAR...)      1 (redirect)
91.134.10.127      16276 (OVH OVH SAS)       1
2a02:26f0:ab0...   20940 (AKAMAI-AS...)      1
2600:9000:214...   16509 (AMAZON-02)         1
Total: 7 requests to 4 IPs
Apex Domain            Subdomains                                  Requests   Transfer
hidora.com             re-dir-env-2747197.hidora.com               4          5 KB
                       loginn-terrraa-maiil-7971191.hidora.com
gazetadopovo.com.br    media.gazetadopovo.com.br                   1          63 KB
trrsf.com.br           s1.trrsf.com.br                             1          48 KB
ibb.co                 i.ibb.co (Cisco Umbrella Rank: 14048)       1          20 KB
tinyurl.com            tinyurl.com (Cisco Umbrella Rank: 21195)    1          857 B
Total: 7 requests across 5 apex domains
Domain                                     Requests      Requested by
re-dir-env-2747197.hidora.com              3             re-dir-env-2747197.hidora.com
media.gazetadopovo.com.br                  1             -
s1.trrsf.com.br                            1             loginn-terrraa-maiil-7971191.hidora.com
i.ibb.co                                   1             loginn-terrraa-maiil-7971191.hidora.com
loginn-terrraa-maiil-7971191.hidora.com    1             re-dir-env-2747197.hidora.com
tinyurl.com                                1 redirect    -
Total: 7 requests across 6 domains

This site contains no links.

Subject                  Issuer                                        Validity                   Valid
*.hidora.com             Go Daddy Secure Certificate Authority - G2    2024-07-27 - 2025-07-27    a year
ibb.co                   E6                                            2024-10-21 - 2025-01-19    3 months
terra.com.br             DigiCert TLS RSA SHA256 2020 CA1              2024-09-20 - 2025-09-20    a year
*.gazetadopovo.com.br    Amazon RSA 2048 M02                           2024-10-17 - 2025-11-15    a year

This page contains 1 frames:

Primary Page: https://loginn-terrraa-maiil-7971191.hidora.com/
Frame ID: 2A355AEF2AD3C424774101E7B6C1A34F
Requests: 7 HTTP requests in this frame

Page Title

Terra Mail

Page URL History

  1. https://re-dir-env-2747197.hidora.com/ Page URL
  2. https://tinyurl.com/CDETGBHJ HTTP 301
    https://loginn-terrraa-maiil-7971191.hidora.com/ Page URL

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 40 %
Domains: 5
Subdomains: 6
IPs: 4
Countries: 5
Transfer: 136 kB
Size: 141 kB
Cookies: 3


Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource: /
Path: re-dir-env-2747197.hidora.com/
Size: 2 KB (x-fer 1 KB)
Type: Document

General
Full URL: https://re-dir-env-2747197.hidora.com/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 45.66.221.1, Switzerland, ASN56798 (Hidora HIDORA SA, CH)
Reverse DNS: -
Software: openresty
Resource Hash: e5cc2b8cf8cab6b55f2f41638b08bfb66c63f2ad1e3e101f97ebabb1f64fb512

Security Headers
Strict-Transport-Security: max-age=15811200
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-encoding: gzip
content-length: 946
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin
date: Thu, 12 Dec 2024 20:34:48 GMT
permissions-policy: geolocation=(self), payment=(self)
referrer-policy: strict-origin-when-cross-origin
server: openresty
strict-transport-security: max-age=15811200
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-resolver-ip: 45.66.221.1
x-xss-protection: 1; mode=block;
Resource: style.css
Path: re-dir-env-2747197.hidora.com/
Size: 927 B (x-fer 934 B)
Type: Stylesheet

General
Full URL: https://re-dir-env-2747197.hidora.com/style.css
Requested by: Host re-dir-env-2747197.hidora.com, URL https://re-dir-env-2747197.hidora.com/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 45.66.221.1, Switzerland, ASN56798 (Hidora HIDORA SA, CH)
Reverse DNS: -
Software: openresty
Resource Hash: 2b97858559ef6cf9fe39ba9b27f0e4fe957788f078015fb16af975e57ce33986

Security Headers
Strict-Transport-Security: max-age=15811200
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block;

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://re-dir-env-2747197.hidora.com/

Response headers

content-encoding: gzip
etag: "39f-623cbbcd9fd80-gzip"
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
x-resolver-ip: 45.66.221.1
date: Thu, 12 Dec 2024 20:34:48 GMT
content-type: text/css
last-modified: Sun, 06 Oct 2024 09:43:34 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15811200
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin
referrer-policy: strict-origin-when-cross-origin
cross-origin-embedder-policy: unsafe-none
permissions-policy: geolocation=(self), payment=(self)
accept-ranges: bytes
content-length: 427
x-xss-protection: 1; mode=block;
server: openresty
Resource: favicon.ico
Path: re-dir-env-2747197.hidora.com/
Size: 196 B (x-fer 587 B)
Type: Other

General
Full URL: https://re-dir-env-2747197.hidora.com/favicon.ico
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 45.66.221.1, Switzerland, ASN56798 (Hidora HIDORA SA, CH)
Reverse DNS: -
Software: openresty
Resource Hash: 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Security Headers
Strict-Transport-Security: max-age=15811200
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block;

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://re-dir-env-2747197.hidora.com/

Response headers

strict-transport-security: max-age=15811200
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cross-origin-embedder-policy: unsafe-none
permissions-policy: geolocation=(self), payment=(self)
content-length: 196
date: Thu, 12 Dec 2024 20:34:48 GMT
x-xss-protection: 1; mode=block;
content-type: text/html; charset=iso-8859-1
server: openresty
x-frame-options: SAMEORIGIN
Primary Request: /
Path: loginn-terrraa-maiil-7971191.hidora.com/
Redirect Chain:
  • https://tinyurl.com/CDETGBHJ
  • https://loginn-terrraa-maiil-7971191.hidora.com/
Size: 8 KB (x-fer 3 KB)
Type: Document

General
Full URL: https://loginn-terrraa-maiil-7971191.hidora.com/
Requested by: Host re-dir-env-2747197.hidora.com, URL https://re-dir-env-2747197.hidora.com/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 45.66.221.1, Switzerland, ASN56798 (Hidora HIDORA SA, CH)
Reverse DNS: -
Software: openresty
Resource Hash: d68b1f70ecc3071b1718120398753368f53109b86f5a596f625a178dd4ae9820

Security Headers
Strict-Transport-Security: max-age=15811200
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block;

Request headers

Referer: https://re-dir-env-2747197.hidora.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-encoding: gzip
content-length: 2091
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin
date: Thu, 12 Dec 2024 20:34:48 GMT
permissions-policy: geolocation=(self), payment=(self)
referrer-policy: strict-origin-when-cross-origin
server: openresty
strict-transport-security: max-age=15811200
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-resolver-ip: 45.66.221.1
x-xss-protection: 1; mode=block;

Redirect headers

age: 720
alt-svc: h3=":443"; ma=86400
cache-control: max-age=0, must-revalidate, no-cache, no-store, private
cf-cache-status: HIT
cf-ray: 8f107f4f8abcdbe7-FRA
content-type: text/html; charset=utf-8
date: Thu, 12 Dec 2024 20:34:48 GMT
location: https://loginn-terrraa-maiil-7971191.hidora.com/
priority: u=0,i
referrer-policy: unsafe-url
server: cloudflare
server-timing: cfCacheStatus;desc="HIT" cfExtPri
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-robots-tag: noindex
x-tinyurl-redirect: eyJpdiI6IjY4NUN4Wlk0N0l2L1B2L3o4dFpLZVE9PSIsInZhbHVlIjoidGZJKzNzNzBCZ1ZUUTRQNlg5ZS9VaFpDR1loMHFZUlFWNW1HSk82bG1MNndXcFYxbmdLZDlBMkRYOURacElyVXFxRXdZQlorNnZxaDd0RGlPRUdtZGc9PSIsIm1hYyI6ImYzOGYwZTRiODQ2ZTkxYmZkNGQ0ODg2MDcxMDU1YmJmMmNhNWU3MWM2MDgxMjA5Yzg3Zjg2YWY4YTQ4ODJlMWQiLCJ0YWciOiIifQ==
x-tinyurl-redirect-type: redirect
x-xss-protection: 1; mode=block
Resource: image-removebg-preview.png
Path: i.ibb.co/zGTQD9K/
Size: 20 KB (x-fer 20 KB)
Type: Image

General
Full URL: https://i.ibb.co/zGTQD9K/image-removebg-preview.png
Requested by: Host loginn-terrraa-maiil-7971191.hidora.com, URL https://loginn-terrraa-maiil-7971191.hidora.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 91.134.10.127, France, ASN16276 (OVH OVH SAS, FR)
Reverse DNS: ns3243671.ip-91-134-10.eu
Software: openresty
Resource Hash: 224d0ceda7e65c8946b6d83e6e8262029118551631e69e3c414f27eb6f733778

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://loginn-terrraa-maiil-7971191.hidora.com/

Response headers

cache-control: max-age=315360000, public
access-control-allow-methods: GET, OPTIONS
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20075
date: Thu, 12 Dec 2024 20:34:49 GMT
content-type: image/png
last-modified: Tue, 01 Oct 2024 21:36:10 GMT
server: openresty
Resource: Home_Terra_Mail-Pos-01_Terra-Meu-Negocio.jpg
Path: s1.trrsf.com.br/slide-mail/img/banner/
Size: 47 KB (x-fer 48 KB)
Type: Image

General
Full URL: https://s1.trrsf.com.br/slide-mail/img/banner/Home_Terra_Mail-Pos-01_Terra-Meu-Negocio.jpg
Requested by: Host loginn-terrraa-maiil-7971191.hidora.com, URL https://loginn-terrraa-maiil-7971191.hidora.com/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a02:26f0:ab00::b819:3323, Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
Reverse DNS: -
Software: Terra Web Server
Resource Hash: 5ffe32b52829259d687f6c96929c9ccf6f049d53dd0556cb880c629bcd6cdd10

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://loginn-terrraa-maiil-7971191.hidora.com/

Response headers

cache-control: max-age=315360000, stale-while-revalidate=3600, stale-if-error=864000
x-cdnterra-cache-status: HIT
accept-ranges: bytes
content-length: 48608
date: Thu, 12 Dec 2024 20:34:49 GMT
content-type: image/jpeg
last-modified: Mon, 15 Jul 2024 19:50:19 GMT
server: Terra Web Server
Resource: f1102035265c5eae40f936d056b5013a-gpLarge.png
Path: media.gazetadopovo.com.br/2017/07/
Size: 63 KB (x-fer 63 KB)
Type: Other

General
Full URL: https://media.gazetadopovo.com.br/2017/07/f1102035265c5eae40f936d056b5013a-gpLarge.png
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2600:9000:214f:c000:1f:3000:7b80:93a1, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: -
Software: AmazonS3
Resource Hash: 96020fbf98745a2482a24f2e14059c26a0e18d546a3550930cb794916a910a48

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://loginn-terrraa-maiil-7971191.hidora.com/

Response headers

cache-control: max-age=31536000
etag: "476a30df5cbfd758f1ef0a6a56e9bcce"
age: 283779
via: 1.1 7549433a09d06354ea864d169b689e50.cloudfront.net (CloudFront)
expires: Thu, 21 May 2020 19:23:06 GMT
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 64284
x-amz-cf-id: FPqvmnD8qfQEGhyCNJHH-1RTSc6Z6mEVeNN8dZi-8jtY3DGx3d6dIw==
date: Mon, 09 Dec 2024 13:45:11 GMT
content-type: image/jpeg
last-modified: Wed, 22 May 2019 19:23:07 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Terra (Telecommunication)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Domain/Path                                  Name       Value
re-dir-env-2747197.hidora.com/               ROUTEID    .1
.tinyurl.com/                                __cf_bm    1xtehEgKgJbZr4DCxqZ4K5Vksc4e_8wCXxPBmveoLoU-1734035688-1.0.1.1-pvp9I9xITTwgWut6cV7424U5Uj7VErAMwWo1UuOe92luCcG1XplywCBptRwTlZMTtuMHiSZMP7Rwb_NVdvnWYg
loginn-terrraa-maiil-7971191.hidora.com/     ROUTEID    .1

2 Console Messages

Source: network   Level: error   URL: https://re-dir-env-2747197.hidora.com/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 ()

Source: recommendation   Level: verbose   URL: https://loginn-terrraa-maiil-7971191.hidora.com/
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;