Submitted URL: http://env-0806113.sp1.br.saveincloud.net.br/
Effective URL: https://login-env-2112421.hidora.com/
Submission: On November 27 via automatic, source phishtank — Scanned from CA

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 7 HTTP transactions. The main IP is 45.66.221.1, located in Switzerland and belongs to Hidora HIDORA SA, CH. The main domain is login-env-2112421.hidora.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on July 27th 2024. Valid for: a year.
This is the only time login-env-2112421.hidora.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address      AS      Autonomous System
3         191.243.199.81  263511  (Saveinclo...)
1         45.66.221.1     56798   (Hidora HI...)
1         169.197.85.95   26548   (PUREVOLTA...)
1         23.46.15.41     20940   (AKAMAI-AS...)
1         18.173.132.80   16509   (AMAZON-02)
Total: 7 requests, 5 IPs
Requests  Domain                                  Requested by
3         env-0806113.sp1.br.saveincloud.net.br   env-0806113.sp1.br.saveincloud.net.br
1         media.gazetadopovo.com.br
1         s1.trrsf.com.br                         login-env-2112421.hidora.com
1         i.ibb.co                                login-env-2112421.hidora.com
1         login-env-2112421.hidora.com            env-0806113.sp1.br.saveincloud.net.br
Total: 7 requests, 5 domains

This site contains no links.

Subject                      Issuer                                      Validity                 Valid
*.sp1.br.saveincloud.net.br  R11                                         2024-11-20 - 2025-02-18  3 months (crt.sh)
*.hidora.com                 Go Daddy Secure Certificate Authority - G2  2024-07-27 - 2025-07-27  a year (crt.sh)
ibb.co                       E6                                          2024-10-21 - 2025-01-19  3 months (crt.sh)
terra.com.br                 DigiCert TLS RSA SHA256 2020 CA1            2024-09-20 - 2025-09-20  a year (crt.sh)
*.gazetadopovo.com.br        Amazon RSA 2048 M02                         2024-10-17 - 2025-11-15  a year (crt.sh)

This page contains 1 frame:

Primary Page: https://login-env-2112421.hidora.com/
Frame ID: 18792D64B9E2473F051C4EBEBE83D8C9
Requests: 7 HTTP requests in this frame

Page Title

Terra Mail

Page URL History

  1. http://env-0806113.sp1.br.saveincloud.net.br/ HTTP 307
    https://env-0806113.sp1.br.saveincloud.net.br/ Page URL
  2. https://login-env-2112421.hidora.com/ Page URL

Page Statistics

Requests:    7
HTTPS:       100 %
IPv6:        0 %
Domains:     5
Subdomains:  5
IPs:         5
Countries:   3
Transfer:    136 kB
Size:        141 kB
Cookies:     2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://env-0806113.sp1.br.saveincloud.net.br/ HTTP 307
  • https://env-0806113.sp1.br.saveincloud.net.br/

7 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type

Resource: /  Path: env-0806113.sp1.br.saveincloud.net.br/  Size: 2 KB  x-fer: 1 KB  Type: Document
Redirect Chain
  • http://env-0806113.sp1.br.saveincloud.net.br/
  • https://env-0806113.sp1.br.saveincloud.net.br/
General
Full URL
https://env-0806113.sp1.br.saveincloud.net.br/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
191.243.199.81 , Brazil, ASN263511 (Saveincloud Hospedagem na Internet Ltda, BR),
Reverse DNS
app.jelastic.saveincloud.net
Software
openresty /
Resource Hash
e846ffc8c51aa133355da2c270f688e1ddeedc25dde95479fe004e66fa1b9d96
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
948
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-origin
date
Wed, 27 Nov 2024 05:57:46 GMT
permissions-policy
geolocation=(self), payment=(self)
referrer-policy
strict-origin-when-cross-origin
server
openresty
strict-transport-security
max-age=15811200
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-resolver-ip
191.243.199.81
x-xss-protection
1; mode=block;

Redirect headers

Location
https://env-0806113.sp1.br.saveincloud.net.br/
Non-Authoritative-Reason
HttpsUpgrades

Resource: style.css  Path: env-0806113.sp1.br.saveincloud.net.br/  Size: 927 B  x-fer: 937 B  Type: Stylesheet
General
Full URL
https://env-0806113.sp1.br.saveincloud.net.br/style.css
Requested by
Host: env-0806113.sp1.br.saveincloud.net.br
URL: https://env-0806113.sp1.br.saveincloud.net.br/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
191.243.199.81 , Brazil, ASN263511 (Saveincloud Hospedagem na Internet Ltda, BR),
Reverse DNS
app.jelastic.saveincloud.net
Software
openresty /
Resource Hash
2b97858559ef6cf9fe39ba9b27f0e4fe957788f078015fb16af975e57ce33986
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://env-0806113.sp1.br.saveincloud.net.br/

Response headers

content-encoding
gzip
etag
"39f-623cbbcd9fd80-gzip"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-resolver-ip
191.243.199.81
date
Wed, 27 Nov 2024 05:57:46 GMT
content-type
text/css
last-modified
Sun, 06 Oct 2024 09:43:34 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15811200
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-origin
referrer-policy
strict-origin-when-cross-origin
cross-origin-embedder-policy
unsafe-none
permissions-policy
geolocation=(self), payment=(self)
accept-ranges
bytes
content-length
427
x-xss-protection
1; mode=block;
server
openresty

Resource: favicon.ico  Path: env-0806113.sp1.br.saveincloud.net.br/  Size: 196 B  x-fer: 588 B  Type: Other
General
Full URL
https://env-0806113.sp1.br.saveincloud.net.br/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
191.243.199.81 , Brazil, ASN263511 (Saveincloud Hospedagem na Internet Ltda, BR),
Reverse DNS
app.jelastic.saveincloud.net
Software
openresty /
Resource Hash
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://env-0806113.sp1.br.saveincloud.net.br/

Response headers

strict-transport-security
max-age=15811200
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-origin
x-permitted-cross-domain-policies
none
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
cross-origin-embedder-policy
unsafe-none
permissions-policy
geolocation=(self), payment=(self)
content-length
196
date
Wed, 27 Nov 2024 05:57:47 GMT
x-xss-protection
1; mode=block;
content-type
text/html; charset=iso-8859-1
server
openresty
x-frame-options
SAMEORIGIN

Resource: / (Primary Request)  Path: login-env-2112421.hidora.com/  Size: 8 KB  x-fer: 3 KB  Type: Document
General
Full URL
https://login-env-2112421.hidora.com/
Requested by
Host: env-0806113.sp1.br.saveincloud.net.br
URL: https://env-0806113.sp1.br.saveincloud.net.br/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.66.221.1 , Switzerland, ASN56798 (Hidora HIDORA SA, CH),
Reverse DNS
Software
openresty /
Resource Hash
d68b1f70ecc3071b1718120398753368f53109b86f5a596f625a178dd4ae9820
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

Referer
https://env-0806113.sp1.br.saveincloud.net.br/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
2091
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-origin
date
Wed, 27 Nov 2024 05:57:48 GMT
permissions-policy
geolocation=(self), payment=(self)
referrer-policy
strict-origin-when-cross-origin
server
openresty
strict-transport-security
max-age=15811200
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-resolver-ip
45.66.221.1
x-xss-protection
1; mode=block;

Resource: image-removebg-preview.png  Path: i.ibb.co/zGTQD9K/  Size: 20 KB  x-fer: 20 KB  Type: Image
General
Full URL
https://i.ibb.co/zGTQD9K/image-removebg-preview.png
Requested by
Host: login-env-2112421.hidora.com
URL: https://login-env-2112421.hidora.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.85.95 , United States, ASN26548 (PUREVOLTAGE-INC, US),
Reverse DNS
Software
nginx /
Resource Hash
224d0ceda7e65c8946b6d83e6e8262029118551631e69e3c414f27eb6f733778

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login-env-2112421.hidora.com/

Response headers

cache-control
max-age=315360000, public
access-control-allow-methods
GET, OPTIONS
expires
Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
20075
date
Wed, 27 Nov 2024 05:57:49 GMT
content-type
image/png
last-modified
Tue, 01 Oct 2024 21:36:10 GMT
server
nginx

Resource: Home_Terra_Mail-Pos-01_Terra-Meu-Negocio.jpg  Path: s1.trrsf.com.br/slide-mail/img/banner/  Size: 47 KB  x-fer: 48 KB  Type: Image
General
Full URL
https://s1.trrsf.com.br/slide-mail/img/banner/Home_Terra_Mail-Pos-01_Terra-Meu-Negocio.jpg
Requested by
Host: login-env-2112421.hidora.com
URL: https://login-env-2112421.hidora.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.46.15.41 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-46-15-41.deploy.static.akamaitechnologies.com
Software
Terra Web Server /
Resource Hash
5ffe32b52829259d687f6c96929c9ccf6f049d53dd0556cb880c629bcd6cdd10

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login-env-2112421.hidora.com/

Response headers

cache-control
max-age=315360000, stale-while-revalidate=3600, stale-if-error=864000
x-cdnterra-cache-status
HIT
accept-ranges
bytes
content-length
48608
date
Wed, 27 Nov 2024 05:57:49 GMT
content-type
image/jpeg
last-modified
Mon, 15 Jul 2024 19:50:19 GMT
server
Terra Web Server

Resource: f1102035265c5eae40f936d056b5013a-gpLarge.png  Path: media.gazetadopovo.com.br/2017/07/  Size: 63 KB  x-fer: 63 KB  Type: Other
General
Full URL
https://media.gazetadopovo.com.br/2017/07/f1102035265c5eae40f936d056b5013a-gpLarge.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-80.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
96020fbf98745a2482a24f2e14059c26a0e18d546a3550930cb794916a910a48

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login-env-2112421.hidora.com/

Response headers

cache-control
max-age=31536000
etag
"476a30df5cbfd758f1ef0a6a56e9bcce"
age
9808970
via
1.1 29117767a034875a8b49afd641f25d82.cloudfront.net (CloudFront)
expires
Thu, 21 May 2020 19:23:06 GMT
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
64284
x-amz-cf-id
uzZ-YOOSewROlaUi_apZavTepmgSDJtICxdGpgw_2GA0gdt0a_FX1g==
date
Mon, 05 Aug 2024 17:15:00 GMT
content-type
image/jpeg
last-modified
Wed, 22 May 2019 19:23:07 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2

Verdicts & Comments

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Domain/Path                             Name     Value
env-0806113.sp1.br.saveincloud.net.br/  ROUTEID  .1
login-env-2112421.hidora.com/           ROUTEID  .1

2 Console Messages

Source: network  Level: error
URL: https://env-0806113.sp1.br.saveincloud.net.br/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 ()

Source: recommendation  Level: verbose
URL: https://login-env-2112421.hidora.com/
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;