cesseguranca.com.br Open in urlscan Pro
15.235.39.189 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cesseguranca.com.br/mantbank/email.html
Submission: On October 26 via api (October 26th 2022, 4:10:06 am UTC) from JP — Scanned from CA

Summary HTTP 8 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 15.235.39.189, located in Canada and belongs to OVH, FR. The main domain is cesseguranca.com.br.
TLS certificate: Issued by R3 on September 28th 2022. Valid for: 3 months.

This is the only time cesseguranca.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: M&T Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
8	15.235.39.189 15.235.39.189		16276 (OVH) (OVH)
8	1

8 15.235.39.189 (Canada)

ASN16276 (OVH, FR)
PTR: ip189.ip-15-235-39.fmhospeda.com.br

cesseguranca.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	cesseguranca.com.br cesseguranca.com.br	308 KB
8	1

	Domain	Requested by
8	cesseguranca.com.br	cesseguranca.com.br
8	1

This site contains links to these domains. Also see Links.

Domain
wearesolidarite.com

Subject Issuer	Validity	Valid
cesseguranca.com.br R3	`2022-09-28` - `2022-12-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cesseguranca.com.br/mantbank/email.html
Frame ID: AB59C4B896C89751AAA91CB0C6F27054
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Confirm Email - Verify Account | M&T Bank

Detected technologies

ZURB Foundation (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+foundation[^>"]+css

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

308 kB
Transfer

306 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://wearesolidarite.com/wp-admin/fellass/Home/Login/contact.php

Search URL Search Domain Scan URL

URL: https://wearesolidarite.com/Enrollment
Title: EXIT

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request email.html Show response cesseguranca.com.br/mantbank/	27 KB 27 KB	32ms 9ms	Document text/html	15.235.39.189 OVH
General Check archive.org Show headers Download Go to Full URL https://cesseguranca.com.br/mantbank/email.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 15.235.39.189 , Canada, ASN16276 (OVH, FR), Reverse DNS ip189.ip-15-235-39.fmhospeda.com.br Software Apache / Resource Hash `598bcdba9abf2af3988ffe9d88f30fc6e8d6e1ab7839dc2c6180171128198d8f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 27355 Content-Type text/html Date Wed, 26 Oct 2022 04:10:00 GMT Keep-Alive timeout=5, max=100 Last-Modified Wed, 31 Aug 2022 22:07:42 GMT Server Apache
GET H/1.1	200 OK	foundation-all.css cesseguranca.com.br/mantbank/email_files/	205 KB 205 KB	14ms 9ms	Stylesheet text/css	15.235.39.189 OVH
General Check archive.org Show headers Download Go to Full URL https://cesseguranca.com.br/mantbank/email_files/foundation-all.css Requested by Host: cesseguranca.com.br URL: https://cesseguranca.com.br/mantbank/email.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 15.235.39.189 , Canada, ASN16276 (OVH, FR), Reverse DNS ip189.ip-15-235-39.fmhospeda.com.br Software Apache / Resource Hash `9a24ae7591030cd771ca3cc35078bb10c8c57aa3d4109fa8328026dafacf5fa1` Request headers accept-language en-CA,en;q=0.9 Referer https://cesseguranca.com.br/mantbank/email.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Wed, 26 Oct 2022 04:10:00 GMT Last-Modified Wed, 31 Aug 2022 10:47:20 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 210130
GET H/1.1	200 OK	mtb.css cesseguranca.com.br/mantbank/email_files/	68 KB 68 KB	31ms 11ms	Stylesheet text/css	15.235.39.189 OVH
General Check archive.org Show headers Download Go to Full URL https://cesseguranca.com.br/mantbank/email_files/mtb.css Requested by Host: cesseguranca.com.br URL: https://cesseguranca.com.br/mantbank/email.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 15.235.39.189 , Canada, ASN16276 (OVH, FR), Reverse DNS ip189.ip-15-235-39.fmhospeda.com.br Software Apache / Resource Hash `fa72bf5cf7823e5a20ff40085d311170a7e62744396d26bc6ffa968b7be306cb` Request headers accept-language en-CA,en;q=0.9 Referer https://cesseguranca.com.br/mantbank/email.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Wed, 26 Oct 2022 04:10:00 GMT Last-Modified Wed, 31 Aug 2022 10:47:20 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 69422
GET H/1.1	200 OK	white%20logo.png cesseguranca.com.br/mantbank/email_files/	5 KB 5 KB	12ms 10ms	Image image/png	15.235.39.189 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://cesseguranca.com.br/mantbank/email_files/white%20logo.png Requested by Host: cesseguranca.com.br URL: https://cesseguranca.com.br/mantbank/email.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 15.235.39.189 , Canada, ASN16276 (OVH, FR), Reverse DNS ip189.ip-15-235-39.fmhospeda.com.br Software Apache / Resource Hash `68d12e8086357835fc398c26ffc15a2ad73d6c1ceb930e545982149af754e652` Request headers accept-language en-CA,en;q=0.9 Referer https://cesseguranca.com.br/mantbank/email.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Wed, 26 Oct 2022 04:10:00 GMT Last-Modified Wed, 31 Aug 2022 10:47:20 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 4936
GET H/1.1	200 OK	mtb-equalhousinglender.svg cesseguranca.com.br/mantbank/email_files/	230 B 475 B	22ms 10ms	Image image/svg+xml	15.235.39.189 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://cesseguranca.com.br/mantbank/email_files/mtb-equalhousinglender.svg Requested by Host: cesseguranca.com.br URL: https://cesseguranca.com.br/mantbank/email.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 15.235.39.189 , Canada, ASN16276 (OVH, FR), Reverse DNS ip189.ip-15-235-39.fmhospeda.com.br Software Apache / Resource Hash `d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad` Request headers accept-language en-CA,en;q=0.9 Referer https://cesseguranca.com.br/mantbank/email.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Wed, 26 Oct 2022 04:10:00 GMT Last-Modified Wed, 31 Aug 2022 10:47:20 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 230
GET H/1.1	200 OK	mtb-entrust.svg cesseguranca.com.br/mantbank/email_files/	1 KB 2 KB	25ms 9ms	Image image/svg+xml	15.235.39.189 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://cesseguranca.com.br/mantbank/email_files/mtb-entrust.svg Requested by Host: cesseguranca.com.br URL: https://cesseguranca.com.br/mantbank/email.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 15.235.39.189 , Canada, ASN16276 (OVH, FR), Reverse DNS ip189.ip-15-235-39.fmhospeda.com.br Software Apache / Resource Hash `b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5` Request headers accept-language en-CA,en;q=0.9 Referer https://cesseguranca.com.br/mantbank/email.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Wed, 26 Oct 2022 04:10:00 GMT Last-Modified Wed, 31 Aug 2022 10:47:20 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1349
GET H/1.1	404 Not Found	mandtbaltoweb-book.woff cesseguranca.com.br/assets/fonts/	0 0	10ms 9ms	Font text/html	15.235.39.189 OVH
General Check archive.org Show headers Download Go to Full URL https://cesseguranca.com.br/assets/fonts/mandtbaltoweb-book.woff Requested by Host: cesseguranca.com.br URL: https://cesseguranca.com.br/mantbank/email_files/mtb.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 15.235.39.189 , Canada, ASN16276 (OVH, FR), Reverse DNS ip189.ip-15-235-39.fmhospeda.com.br Software Apache / Resource Hash Request headers Referer https://cesseguranca.com.br/mantbank/email_files/mtb.css Origin https://cesseguranca.com.br accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Wed, 26 Oct 2022 04:10:00 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	mandtbaltoweb-medium.woff cesseguranca.com.br/assets/fonts/	0 0	10ms 10ms	Font text/html	15.235.39.189 OVH
General Check archive.org Show headers Download Go to Full URL https://cesseguranca.com.br/assets/fonts/mandtbaltoweb-medium.woff Requested by Host: cesseguranca.com.br URL: https://cesseguranca.com.br/mantbank/email_files/mtb.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 15.235.39.189 , Canada, ASN16276 (OVH, FR), Reverse DNS ip189.ip-15-235-39.fmhospeda.com.br Software Apache / Resource Hash Request headers Referer https://cesseguranca.com.br/mantbank/email_files/mtb.css Origin https://cesseguranca.com.br accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Wed, 26 Oct 2022 04:10:00 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 315 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: M&T Bank (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cesseguranca.com.br/assets/fonts/mandtbaltoweb-book.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://cesseguranca.com.br/assets/fonts/mandtbaltoweb-medium.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cesseguranca.com.br
15.235.39.189
598bcdba9abf2af3988ffe9d88f30fc6e8d6e1ab7839dc2c6180171128198d8f
68d12e8086357835fc398c26ffc15a2ad73d6c1ceb930e545982149af754e652
9a24ae7591030cd771ca3cc35078bb10c8c57aa3d4109fa8328026dafacf5fa1
b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5
d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad
fa72bf5cf7823e5a20ff40085d311170a7e62744396d26bc6ffa968b7be306cb

cesseguranca.com.br Open in urlscan Pro 15.235.39.189 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

308 kBTransfer

306 kBSize

0 Cookies

2 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

cesseguranca.com.br Open in urlscan Pro
15.235.39.189 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

308 kB
Transfer

306 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!