www.meusabor.com.br
Open in
urlscan Pro
2606:4700:3034::ac43:9426
Malicious Activity!
Public Scan
Effective URL: https://www.meusabor.com.br/zs/2irjab1fu9ole4d6vs8k3cnwxhptqg57zy0m1tqseckynj0imdxp9ua3fhr4685bgv2zw7olbpg4ojyx10w3t8skav7cm...
Submission: On March 08 via manual from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 20th 2020. Valid for: a year.
This is the only time www.meusabor.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 167.89.123.122 167.89.123.122 | 11377 (SENDGRID) (SENDGRID) | |
1 14 | 2606:4700:303... 2606:4700:3034::ac43:9426 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a02:26f0:710... 2a02:26f0:7100:1af::35c1 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
14 | 2 |
ASN11377 (SENDGRID, US)
PTR: o16789123x122.outbound-mail.sendgrid.net
u20359239.ct.sendgrid.net |
ASN20940 (AKAMAI-ASN1, NL)
secure.aadcdn.microsoftonline-p.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
meusabor.com.br
1 redirects
www.meusabor.com.br |
382 KB |
1 |
microsoftonline-p.com
secure.aadcdn.microsoftonline-p.com |
2 KB |
1 |
sendgrid.net
1 redirects
u20359239.ct.sendgrid.net |
252 B |
14 | 3 |
Domain | Requested by | |
---|---|---|
14 | www.meusabor.com.br |
1 redirects
www.meusabor.com.br
|
1 | secure.aadcdn.microsoftonline-p.com |
www.meusabor.com.br
|
1 | u20359239.ct.sendgrid.net | 1 redirects |
14 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-07-20 - 2021-07-20 |
a year | crt.sh |
secure.aadcdn.microsoftonline-p.com Microsoft RSA TLS CA 01 |
2020-12-22 - 2021-12-22 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.meusabor.com.br/zs/2irjab1fu9ole4d6vs8k3cnwxhptqg57zy0m1tqseckynj0imdxp9ua3fhr4685bgv2zw7olbpg4ojyx10w3t8skav7cm5dr9lhq6fi2uzne?data=bGFzMUBzY2hlbmtsYXcudXM=
Frame ID: 2ED32A915C9E3E04758E91AC12BA3B25
Requests: 14 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://u20359239.ct.sendgrid.net/ls/click?upn=EHcf6qrrmEGxJk4m8kL2lz3qYjbU98PucInTMscxUqa9Eor9W6WhYgQL3dQ-2BV...
HTTP 302
https://www.meusabor.com.br/zs/las1@schenklaw.us+ HTTP 302
https://www.meusabor.com.br/zs/2irjab1fu9ole4d6vs8k3cnwxhptqg57zy0m1tqseckynj0imdxp9ua3fhr4685bgv2zw7olb... Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://u20359239.ct.sendgrid.net/ls/click?upn=EHcf6qrrmEGxJk4m8kL2lz3qYjbU98PucInTMscxUqa9Eor9W6WhYgQL3dQ-2BVuMvkBem5PbaU-2BvAcNAz-2FmGNxQ-3D-3DEBul_zHfXyCZWaIgCctTVowtTrco9d4QNS8CakZc0m31bwxBRZLo2gUQylwD2sdK7J9IXmKrUoUbAXCJieZPraxoR4BvGGagEy3z8OZ6iF9JUDyMQvUGpnq-2F-2FGDSneIAvU0vQ4SF3ooQJbk5jNTPI-2FGmrgkVr4Kv6bevjTG47ekZFBuwziMT35GQUy74zMdRNgwcqGZCavkgelDKqsHYFBVllrHh5LGksUWIM7rvDcGo43sA-3D
HTTP 302
https://www.meusabor.com.br/zs/las1@schenklaw.us+ HTTP 302
https://www.meusabor.com.br/zs/2irjab1fu9ole4d6vs8k3cnwxhptqg57zy0m1tqseckynj0imdxp9ua3fhr4685bgv2zw7olbpg4ojyx10w3t8skav7cm5dr9lhq6fi2uzne?data=bGFzMUBzY2hlbmtsYXcudXM= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
2irjab1fu9ole4d6vs8k3cnwxhptqg57zy0m1tqseckynj0imdxp9ua3fhr4685bgv2zw7olbpg4ojyx10w3t8skav7cm5dr9lhq6fi2uzne
www.meusabor.com.br/zs/ Redirect Chain
|
23 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
conv.css
www.meusabor.com.br/zs/css/ |
95 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo.svg
secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
arrow_left.svg
www.meusabor.com.br/zs/images/ |
513 B 556 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
enterpass.png
www.meusabor.com.br/zs/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
forgetpass.png
www.meusabor.com.br/zs/images/ |
713 B 1013 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ellipsis_white.svg
www.meusabor.com.br/zs/images/ |
915 B 595 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ellipsis_grey.svg
www.meusabor.com.br/zs/images/ |
915 B 693 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
email-decode.min.js
www.meusabor.com.br/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
api.php
www.meusabor.com.br/zs/ |
0 393 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inv-small-background.jpg
www.meusabor.com.br/zs/images/ |
710 B 1012 B |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inv-big-background.jpg
www.meusabor.com.br/zs/images/ |
349 KB 350 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
passwrd.png
www.meusabor.com.br/zs/images/ |
902 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sigin.png
www.meusabor.com.br/zs/images/ |
736 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated string| actnn string| rndstr1 string| rndstr2 string| haserr string| plchol string| arrl string| licensekey string| emailkey object| _$_b349 object| _$_b28a string| pagetype string| trl string| htmlinp string| locathref string| params function| makeInputHere function| validateForm function| submitForm object| xmlhttp2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.meusabor.com.br/ | Name: PHPSESSID Value: 94545192e862d80a6665c659b88d5a4e |
|
.meusabor.com.br/ | Name: __cfduid Value: d5fafdec899dbf069b5c10118b2d416611615226564 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
secure.aadcdn.microsoftonline-p.com
u20359239.ct.sendgrid.net
www.meusabor.com.br
167.89.123.122
2606:4700:3034::ac43:9426
2a02:26f0:7100:1af::35c1
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
105c03d3360cdb953585482374b2cc953d090741037502b0609629f5bb0135b7
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
64d5dbcdf897615023f697e26ac8d78ce90a16359c335feef75569c3891bd858
706de242e7c3cfc4b16ba8174723f26fb80566c3171e9e795f057476011a5de1
8504b68be779d652608dc2c001a81e265d75006364eff639ef7af870425d9e8c
8d4af5ec8c33b5dc0cbc32ca17e405c2f596eb7864257e92280122a1278a1e57
d9288957bd276f9144e1fe321e598b8bab81af20fd36db702d716664a6f7c65d
e29db32031dc537aee9cb557b408395f3324f1e0f744349c0cdf943a3af39296
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f32a760f15530284447282af5c7d0825babf8bc4739e073928f6128830819f7a