conta-uolmail-pagamento.info Open in urlscan Pro
2606:4700:3030::ac43:9964 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://conta-uolmail-pagamento.info/
Effective URL:
https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html
Submission: On April 15 via automatic, source certstream-suspicious (April 15th 2021, 8:26:11 pm UTC)

Summary HTTP 14 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3030::ac43:9964, located in United States and belongs to CLOUDFLARENET, US. The main domain is conta-uolmail-pagamento.info.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 15th 2021. Valid for: a year.

This is the only time conta-uolmail-pagamento.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Universo Online (UOL) (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 9	2606:4700:303... 2606:4700:3030::ac43:9964	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2804:49c:4208... 2804:49c:4208:405:ffff:ffff:ffff:2	7162 (Universo ...) (Universo Online S.A.)
2 4	34.102.185.99 34.102.185.99	15169 (GOOGLE) (GOOGLE)
14	4

9 2606:4700:3030::ac43:9964 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

conta-uolmail-pagamento.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2804:49c:4208:405:ffff:ffff:ffff:2 (Brazil)

ASN7162 (Universo Online S.A., BR)

pub.i.uol.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stc.uol.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.102.185.99 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 99.185.102.34.bc.googleusercontent.com

m.t.tailtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	conta-uolmail-pagamento.info 1 redirects conta-uolmail-pagamento.info	96 KB
4	tailtarget.com 2 redirects m.t.tailtarget.com	977 B
3	uol.com stc.uol.com	71 KB
1	uol.com.br pub.i.uol.com.br	3 KB
14	4

	Domain	Requested by
9	conta-uolmail-pagamento.info	1 redirects conta-uolmail-pagamento.info
4	m.t.tailtarget.com	2 redirects conta-uolmail-pagamento.info
3	stc.uol.com	conta-uolmail-pagamento.info
1	pub.i.uol.com.br	conta-uolmail-pagamento.info
14	4

This site contains links to these domains. Also see Links.

Domain
uolmailsecurity-001-site1.atempurl.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-04-15` - `2022-04-14`	a year	crt.sh
*.i.uol.com.br RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-02` - `2021-09-01`	6 months	crt.sh
*.tailtarget.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-30` - `2021-05-30`	a year	crt.sh
stc.uol.com RapidSSL RSA CA 2018	`2020-03-05` - `2021-05-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html
Frame ID: 420C79BCAA2E21D6D395F15C5BE8B98E
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://conta-uolmail-pagamento.info/ HTTP 302
https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

170 kB
Transfer

427 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://uolmailsecurity-001-site1.atempurl.com/
Title: ASSINE JÁ

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://conta-uolmail-pagamento.info/ HTTP 302
https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://m.t.tailtarget.com/sync/TT-10162-1/1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372 HTTP 302
https://m.t.tailtarget.com/sync/TT-10162-1/1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372?check=1

Request Chain 9

https://m.t.tailtarget.com/sync/TT-10162-1/e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a HTTP 302
https://m.t.tailtarget.com/sync/TT-10162-1/e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a?check=1

14 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3-29	200	Primary Request xc=2024d2acefda51f15e0886d16050fd21.html Show response conta-uolmail-pagamento.info/ Redirect Chain https://conta-uolmail-pagamento.info/ https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html	11 KB 4 KB	270ms 258ms	Document text/html	2606:4700:3030::ac43:9964 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:9964 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `42b7488049da3ed7071a6918d86a3353e8d29a9e23a0fd81884b288fce14b7f8` Request headers :method GET :authority conta-uolmail-pagamento.info :scheme https :path /xc=2024d2acefda51f15e0886d16050fd21.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US cookie __cfduid=dd6c29a92d5d762b2af5e0f9331b4e0bb1618518351 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:52 GMT content-type text/html last-modified Tue, 13 Apr 2021 23:10:06 GMT cf-cache-status DYNAMIC cf-request-id 0978cf37b800004e6e30157000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sWmHe1LIjSbym%2FWzkyxAJ6KvplNtvugpw3PWSqwDeYsEge1TMYugEbeu3vCnoYlI4e2XkNO%2FKLiC6HJZEgImiLTY3XCzHh2YeFuOyXOpWW%2Buhy57LF86sDu%2B3RmlqV0aqKTdkug5gZ5M"}],"max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6407e7d2b8104e6e-FRA content-encoding br alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 Redirect headers date Thu, 15 Apr 2021 20:25:51 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=dd6c29a92d5d762b2af5e0f9331b4e0bb1618518351; expires=Sat, 15-May-21 20:25:51 GMT; path=/; domain=.conta-uolmail-pagamento.info; HttpOnly; SameSite=Lax; Secure x-powered-by PHP/7.2.34 location xc=2024d2acefda51f15e0886d16050fd21.html cf-cache-status DYNAMIC cf-request-id 0978cf356700004ec264b95000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6aJsR%2FyeTO%2Fmdzt%2Bh8sIIhKgb0VxhmWZHsgE08yEsWCQuhC65kDt1RcuFRKWl4kxKT5VdTNIphu%2FoXcV%2B9k3fow2Ns3AgpaFWuYM5U8ARTxWvQaAA3QjJyjQATXKzUHHuN%2BOpLYNJm4a"}],"max_age":604800,"group":"cf-nel"} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6407e7cf0c024ec2-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3-29	200	main.css conta-uolmail-pagamento.info/index_arquivos/	158 KB 29 KB	861ms 861ms	Stylesheet text/css	2606:4700:3030::ac43:9964 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://conta-uolmail-pagamento.info/index_arquivos/main.css Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:9964 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2379d136b78de5869d1937d82bf940b355864749e989829f3ef49fa3c5095464` Request headers :path /index_arquivos/main.css pragma no-cache cookie __cfduid=dd6c29a92d5d762b2af5e0f9331b4e0bb1618518351 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority conta-uolmail-pagamento.info referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html :scheme https sec-fetch-site same-origin :method GET Referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:52 GMT content-encoding br cf-cache-status MISS last-modified Wed, 30 Sep 2020 15:05:05 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SD3Hcg92ESmvscbKa8kVrIft98n%2FaaAm4WtBme1seWVeqXr3VkWv04QYVe3HaoUYHw9cNlJ1Dm14%2FFUGQWQC4oBL6chdYzYvkiBSKshSZoqy5WO3UhmJclyoFuUTjuh8Tfo3vT4YdB%2Br"}],"max_age":604800} content-type text/css cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 6407e7d46c004e6e-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 0978cf38c100004e6e261a1000000001
GET H3-29	200	jquery.js Show response conta-uolmail-pagamento.info/index_arquivos/	82 KB 29 KB	624ms 623ms	Script application/javascript	2606:4700:3030::ac43:9964 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://conta-uolmail-pagamento.info/index_arquivos/jquery.js Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:9964 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515` Request headers :path /index_arquivos/jquery.js pragma no-cache cookie __cfduid=dd6c29a92d5d762b2af5e0f9331b4e0bb1618518351 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority conta-uolmail-pagamento.info referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html :scheme https sec-fetch-site same-origin :method GET Referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:52 GMT content-encoding br cf-cache-status MISS last-modified Wed, 30 Sep 2020 15:05:06 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aQYRszVMrf67urpt4myaVgVdwVjFsI6EoTROdmVH3omRD5X15iEyQy6XQR3igsCLPuIGljprlR6WkuiHIo2xD57%2FraBa63Efte6fmtHclBynJDyGJfPObyUHqORZRf%2BJlAGvylKWHvVG"}],"max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 6407e7d46c054e6e-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 0978cf38c200004e6e7f806000000001
GET H3-29	200	partner Show response conta-uolmail-pagamento.info/index_arquivos/	827 B 1 KB	252ms 252ms	Script text/plain	2606:4700:3030::ac43:9964 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://conta-uolmail-pagamento.info/index_arquivos/partner Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:9964 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9369e6384596ebc8c7bfc024dca2876deaa3c452b8e22252ce730845f4d44b71` Request headers :path /index_arquivos/partner pragma no-cache cookie __cfduid=dd6c29a92d5d762b2af5e0f9331b4e0bb1618518351 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority conta-uolmail-pagamento.info referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html :scheme https sec-fetch-site same-origin :method GET Referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:52 GMT cf-cache-status DYNAMIC last-modified Wed, 30 Sep 2020 15:05:05 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"report_to":"cf-nel","max_age":604800} report-to {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ztlpwzudlrN7rCq8hg4IwQAGG1kXxRB%2Bxe1vjRst7up8qTUiCFuarjmFR%2FM%2FMEbNz8BSPldSh8KAzQwJz2Iy8pjYSAYivYA2gu%2F4odC4sjBkzLO0uJ3dt16rDX4D8hyC1MMKeAdAgUNg"}],"max_age":604800} accept-ranges bytes cf-ray 6407e7d46c0b4e6e-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 827 cf-request-id 0978cf38c200004e6e52007000000001
GET H2	200	uol.png pub.i.uol.com.br/2018/logos/	2 KB 3 KB	980ms 198ms	Image image/png	2804:49c:4208:405:ffff:ffff:ffff:2 Universo Online S.A.
General Check archive.org Show headers Download Go to Show image Full URL https://pub.i.uol.com.br/2018/logos/uol.png?v=2.0 Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2804:49c:4208:405:ffff:ffff:ffff:2 , Brazil, ASN7162 (Universo Online S.A., BR), Reverse DNS Software nginx / Resource Hash `5c9a4b163199cd95c840f23de978efe10e9a7ee81b4aa9310280f313e3427ba4` Request headers Referer https://conta-uolmail-pagamento.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:53 GMT last-modified Fri, 06 Apr 2018 09:09:13 GMT server nginx age 8786905 etag "8fa6a6d2cfef9d8a62972834ec7f6dd1" access-control-allow-methods GET, HEAD content-type image/png access-control-allow-origin * cache-control max-age=604800 access-control-allow-credentials true x-varnish 1951301666 1949310439 x-cache HIT access-control-allow-headers X-Accept-Charset,X-Accept,Content-Type,Cache-Control,Etag content-length 2460 expires Mon, 11 Jan 2021 03:37:30 GMT
GET H3-29	200	logo-uol.svg conta-uolmail-pagamento.info/index_arquivos/	17 KB 10 KB	377ms 376ms	Image image/svg+xml	2606:4700:3030::ac43:9964 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://conta-uolmail-pagamento.info/index_arquivos/logo-uol.svg Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:9964 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8d828650afa0e87b3ece850b6be4d2eaded63e4e4424a190f1ce39f62460f625` Request headers :path /index_arquivos/logo-uol.svg pragma no-cache cookie __cfduid=dd6c29a92d5d762b2af5e0f9331b4e0bb1618518351 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority conta-uolmail-pagamento.info referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html :scheme https sec-fetch-site same-origin :method GET Referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:53 GMT content-encoding br cf-cache-status MISS last-modified Wed, 30 Sep 2020 15:05:05 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Y92FxRGEc1PKByb376g1FBcG%2F5vVwAG7LXgWbHf%2Fybm2EQjtYsjG0rrCzaz4tdI9imp5xb1ZKPIaTGpj0602rlCDXkUFOUKkXgY0vk8tnogzbxpJoR%2F%2Be26nE2EBen%2BzpS8FA%2Bdbx%2B6N"}],"max_age":604800} content-type image/svg+xml cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 6407e7da095b4e6e-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 0978cf3c4300004e6e99058000000001
GET H3-29	200	logo-pagseguro.svg conta-uolmail-pagamento.info/index_arquivos/	5 KB 3 KB	261ms 260ms	Image image/svg+xml	2606:4700:3030::ac43:9964 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://conta-uolmail-pagamento.info/index_arquivos/logo-pagseguro.svg Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:9964 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4cc86e7e65f1f8332228e8d1735ba8b7e82367c6e93d644c3d41c473891b6c2d` Request headers :path /index_arquivos/logo-pagseguro.svg pragma no-cache cookie __cfduid=dd6c29a92d5d762b2af5e0f9331b4e0bb1618518351 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority conta-uolmail-pagamento.info referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html :scheme https sec-fetch-site same-origin :method GET Referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:53 GMT content-encoding br cf-cache-status MISS last-modified Wed, 30 Sep 2020 15:05:05 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lsWg2VkOzszWrT%2BN6g%2B%2FGTrOEXV%2FjhDpyRxXF0O2%2FOV%2BZNGUz8FchMo%2FpUIhd7Ob8LIuRSwDWCmoVSJ4mfIayQP8znXoHAGwdu6dhM0lehoK4DBzh3TAEixk7vxqXXq2P8IkDjdUt%2Fas"}],"max_age":604800} content-type image/svg+xml cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 6407e7da095c4e6e-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 0978cf3c4200004e6e70072000000001
GET H3-29	200	logo-uolhost.svg conta-uolmail-pagamento.info/index_arquivos/	18 KB 10 KB	378ms 377ms	Image image/svg+xml	2606:4700:3030::ac43:9964 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://conta-uolmail-pagamento.info/index_arquivos/logo-uolhost.svg Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:9964 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0b931dd83952d1b448e6afb2520ca01091274b875839e4134e6c0bf433b61587` Request headers :path /index_arquivos/logo-uolhost.svg pragma no-cache cookie __cfduid=dd6c29a92d5d762b2af5e0f9331b4e0bb1618518351 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority conta-uolmail-pagamento.info referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html :scheme https sec-fetch-site same-origin :method GET Referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:53 GMT content-encoding br cf-cache-status MISS last-modified Wed, 30 Sep 2020 15:05:05 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CF0TsNq2rsghY6Uf8%2FDxQchGmkMd6dBa9zt7ysU7OLyCROiAxaKHRiofqRytfq%2F3lC8vlSgnFfhHRIO0q5AYNZHmP0igWbcuh7rdkP%2FlCgJb9%2FepGZGHGZzmah%2Fv961Tc%2BSm5Zo%2BRBO%2F"}],"max_age":604800} content-type image/svg+xml cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 6407e7da095d4e6e-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 0978cf3c4200004e6e423b7000000001
GET H3-29	200	main.js Show response conta-uolmail-pagamento.info/index_arquivos/	56 KB 10 KB	495ms 494ms	Script application/javascript	2606:4700:3030::ac43:9964 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://conta-uolmail-pagamento.info/index_arquivos/main.js Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:9964 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6f1d74f97d22f131acfa463839affc314352a452eb6649b8d9fd181e1b83d487` Request headers :path /index_arquivos/main.js pragma no-cache cookie __cfduid=dd6c29a92d5d762b2af5e0f9331b4e0bb1618518351 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority conta-uolmail-pagamento.info referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html :scheme https sec-fetch-site same-origin :method GET Referer https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:53 GMT content-encoding br cf-cache-status MISS last-modified Wed, 30 Sep 2020 15:05:05 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dqZhOtKh5AoJJMt7V65jPqLHrkGXV7JB8spSIYOu%2BNgJGqRQ7l3rj9FIMmQeD8bl7h%2BegVx2%2FZuMsXoU0a1LETr5zScnPJg3eHnIbfGXOGbd7ap0xvnlUTmk3EwOElpBWZnTrKBG8zym"}],"max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 6407e7d85dbc4e6e-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 0978cf3b3a00004e6e3e8a8000000001
GET H2	200	1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372 m.t.tailtarget.com/sync/TT-10162-1/ Redirect Chain https://m.t.tailtarget.com/sync/TT-10162-1/1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372 https://m.t.tailtarget.com/sync/TT-10162-1/1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372?check=1	43 B 104 B	116ms 116ms	Image image/gif	34.102.185.99 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://m.t.tailtarget.com/sync/TT-10162-1/1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372?check=1 Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.102.185.99 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 99.185.102.34.bc.googleusercontent.com Software nginx/1.17.8 / Resource Hash `cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda` Request headers Referer https://conta-uolmail-pagamento.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:53 GMT via 1.1 google last-modified Mon, 28 Sep 1970 06:00:00 GMT server nginx/1.17.8 content-type image/gif cache-control private, proxy-revalidate alt-svc clear content-length 43 Redirect headers date Thu, 15 Apr 2021 20:25:53 GMT via 1.1 google server nginx/1.17.8 p3p CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://m.t.tailtarget.com/sync/TT-10162-1/1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372?check=1 cache-control private, proxy-revalidate content-type text/html alt-svc clear content-length 145
GET H2	200	e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a m.t.tailtarget.com/sync/TT-10162-1/ Redirect Chain https://m.t.tailtarget.com/sync/TT-10162-1/e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a https://m.t.tailtarget.com/sync/TT-10162-1/e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a?check=1	43 B 138 B	116ms 115ms	Image image/gif	34.102.185.99 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://m.t.tailtarget.com/sync/TT-10162-1/e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a?check=1 Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/xc=2024d2acefda51f15e0886d16050fd21.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.102.185.99 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 99.185.102.34.bc.googleusercontent.com Software nginx/1.17.8 / Resource Hash `cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda` Request headers Referer https://conta-uolmail-pagamento.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:53 GMT via 1.1 google last-modified Mon, 28 Sep 1970 06:00:00 GMT server nginx/1.17.8 content-type image/gif cache-control private, proxy-revalidate alt-svc clear content-length 43 Redirect headers date Thu, 15 Apr 2021 20:25:53 GMT via 1.1 google server nginx/1.17.8 p3p CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://m.t.tailtarget.com/sync/TT-10162-1/e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a?check=1 cache-control private, proxy-revalidate content-type text/html alt-svc clear content-length 145
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2f4b9a3be52d80dd59388d146339f46a80ef948f5e98b960dd99b2ebd4bbe56a` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/png
GET H2	200	uol-text-regular.woff stc.uol.com/c/webfont/projeto-grafico/uol-font/	26 KB 26 KB	786ms 385ms	Font application/font-woff	2804:49c:4208:405:ffff:ffff:ffff:2 Universo Online S.A.
General Check archive.org Show headers Download Go to Full URL https://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-regular.woff Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/index_arquivos/main.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2804:49c:4208:405:ffff:ffff:ffff:2 , Brazil, ASN7162 (Universo Online S.A., BR), Reverse DNS Software nginx / Resource Hash `c63635ffe1ea1c4731169ccfa13c0499174c7634d264beb4fca4809b7e75c0ee` Request headers Origin https://conta-uolmail-pagamento.info Referer https://conta-uolmail-pagamento.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:53 GMT last-modified Tue, 03 Nov 2020 20:43:53 GMT server nginx age 10354 etag "663f-5b339ebbb947f" access-control-allow-methods GET, HEAD x-varnish 1402426526 1400114549 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true x-cache HIT content-type application/font-woff access-control-allow-headers X-Accept-Charset,X-Accept,Content-Type,Cache-Control,Etag content-length 26175 expires Fri, 15 Apr 2022 17:33:19 GMT
GET H2	200	uol-text-bold.woff stc.uol.com/c/webfont/projeto-grafico/uol-font/	22 KB 23 KB	977ms 576ms	Font application/font-woff	2804:49c:4208:405:ffff:ffff:ffff:2 Universo Online S.A.
General Check archive.org Show headers Download Go to Full URL https://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-bold.woff Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/index_arquivos/main.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2804:49c:4208:405:ffff:ffff:ffff:2 , Brazil, ASN7162 (Universo Online S.A., BR), Reverse DNS Software nginx / Resource Hash `5690eeba785d13a14fcfc29dc1d7f7c63145b1498d2dce19a50b21bead46252e` Request headers Origin https://conta-uolmail-pagamento.info Referer https://conta-uolmail-pagamento.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:53 GMT last-modified Tue, 03 Nov 2020 20:42:25 GMT server nginx age 10198 etag "58ce-5b339e67ccebc" access-control-allow-methods GET, HEAD x-varnish 1402426528 1400148050 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true x-cache HIT content-type application/font-woff access-control-allow-headers X-Accept-Charset,X-Accept,Content-Type,Cache-Control,Etag content-length 22734 expires Fri, 15 Apr 2022 17:35:55 GMT
GET H2	200	uol-text-lighter.woff stc.uol.com/c/webfont/projeto-grafico/uol-font/	23 KB 23 KB	976ms 576ms	Font application/font-woff	2804:49c:4208:405:ffff:ffff:ffff:2 Universo Online S.A.
General Check archive.org Show headers Download Go to Full URL https://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-lighter.woff Requested by Host: conta-uolmail-pagamento.info URL: https://conta-uolmail-pagamento.info/index_arquivos/main.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2804:49c:4208:405:ffff:ffff:ffff:2 , Brazil, ASN7162 (Universo Online S.A., BR), Reverse DNS Software nginx / Resource Hash `f23aeed1f447c600db47325e6c29cafb3849d6162e822eefbed964b4d7d18399` Request headers Origin https://conta-uolmail-pagamento.info Referer https://conta-uolmail-pagamento.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 20:25:53 GMT last-modified Tue, 03 Nov 2020 20:43:28 GMT server nginx age 10923 etag "5a2e-5b339ea3e1d80" access-control-allow-methods GET, HEAD x-varnish 1402426527 1399978649 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true x-cache HIT content-type application/font-woff access-control-allow-headers X-Accept-Charset,X-Accept,Content-Type,Cache-Control,Etag content-length 23086 expires Fri, 15 Apr 2022 17:23:50 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Universo Online (UOL) (Banking)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.conta-uolmail-pagamento.info/	1970-01-19 18:18:30	Name: __cfduid Value: dd6c29a92d5d762b2af5e0f9331b4e0bb1618518351

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

conta-uolmail-pagamento.info
m.t.tailtarget.com
pub.i.uol.com.br
stc.uol.com
2606:4700:3030::ac43:9964
2804:49c:4208:405:ffff:ffff:ffff:2
34.102.185.99
0b931dd83952d1b448e6afb2520ca01091274b875839e4134e6c0bf433b61587
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
2379d136b78de5869d1937d82bf940b355864749e989829f3ef49fa3c5095464
2f4b9a3be52d80dd59388d146339f46a80ef948f5e98b960dd99b2ebd4bbe56a
42b7488049da3ed7071a6918d86a3353e8d29a9e23a0fd81884b288fce14b7f8
4cc86e7e65f1f8332228e8d1735ba8b7e82367c6e93d644c3d41c473891b6c2d
5690eeba785d13a14fcfc29dc1d7f7c63145b1498d2dce19a50b21bead46252e
5c9a4b163199cd95c840f23de978efe10e9a7ee81b4aa9310280f313e3427ba4
6f1d74f97d22f131acfa463839affc314352a452eb6649b8d9fd181e1b83d487
8d828650afa0e87b3ece850b6be4d2eaded63e4e4424a190f1ce39f62460f625
9369e6384596ebc8c7bfc024dca2876deaa3c452b8e22252ce730845f4d44b71
c63635ffe1ea1c4731169ccfa13c0499174c7634d264beb4fca4809b7e75c0ee
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
f23aeed1f447c600db47325e6c29cafb3849d6162e822eefbed964b4d7d18399

conta-uolmail-pagamento.info Open in urlscan Pro 2606:4700:3030::ac43:9964 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

67 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

170 kBTransfer

427 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

29 JavaScript Global Variables

1 Cookies

Indicators

conta-uolmail-pagamento.info Open in urlscan Pro
2606:4700:3030::ac43:9964 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

170 kB
Transfer

427 kB
Size

1
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!