faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com
3.136.115.125
Malicious Activity!
Public Scan
Effective URL: http://faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/
Submission: On November 11 via api from US
Summary
This is the only time faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Universo Online (UOL) (Banking)
Domain & IP information
Redirects | Requests | IP Address | AS Autonomous System
---|---|---|---
1 | 2 | 200.19.190.91 | 1916 (Associacao Rede Nacional de Ensino e Pesquisa)
2 | 2 | 35.202.21.90 | 15169 (GOOGLE)
| 9 | 3.136.115.125 | 16509 (AMAZON-02)
2 | 4 | 34.102.185.99 | 15169 (GOOGLE)
Total: 18 requests, 4 IP addresses
- ASN1916 (Associacao Rede Nacional de Ensino e Pesquisa, BR): www.mapp.ufc.br
- ASN15169 (GOOGLE, US), PTR: 90.21.202.35.bc.googleusercontent.com: sistemas.lpages.co
- ASN16509 (AMAZON-02, US), PTR: ec2-3-136-115-125.us-east-2.compute.amazonaws.com: faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com
- ASN15169 (GOOGLE, US), PTR: 99.185.102.34.bc.googleusercontent.com: m.t.tailtarget.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | elasticbeanstalk.com | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com | 361 KB
4 | tailtarget.com (2 redirects) | m.t.tailtarget.com | 977 B
2 | lpages.co (2 redirects) | sistemas.lpages.co | 278 B
2 | ufc.br (1 redirect) | www.mapp.ufc.br | 552 B
0 | uol.com | stc.uol.com (Failed) |
Total: 18 requests, 5 apex domains
Requests | Domain | Requested by
---|---|---
9 | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com
4 | m.t.tailtarget.com (2 redirects) | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com
2 | sistemas.lpages.co (2 redirects) |
2 | www.mapp.ufc.br (1 redirect) |
0 | stc.uol.com (Failed) | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com
Total: 18 requests, 5 domains
This site contains links to these domains. Also see Links.
Domain
---
uolmailsecurity-001-site1.atempurl.com
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.tailtarget.com | Sectigo RSA Domain Validation Secure Server CA | 2020-05-30 - 2021-05-30 | a year | crt.sh
This page contains 1 frames:
Primary Page:
http://faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/
Frame ID: 78BD25B0821082798DFD423BA0C1BDFD
Requests: 19 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.mapp.ufc.br/libraries/cms/help/cont/rrr.html (Page URL)
- http://www.mapp.ufc.br/libraries/cms/help/cont/index.php (HTTP 302)
- https://sistemas.lpages.co/l0211 (HTTP 302)
- https://sistemas.lpages.co/l0211/ (HTTP 302)
- http://faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/ (Page URL)
Detected technologies
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
- jQuery (JavaScript Libraries). Detected pattern: script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: ASSINE JÁ
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9:
- https://m.t.tailtarget.com/sync/TT-10162-1/1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372 (HTTP 302)
- https://m.t.tailtarget.com/sync/TT-10162-1/1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372?check=1
- https://m.t.tailtarget.com/sync/TT-10162-1/e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a (HTTP 302)
- https://m.t.tailtarget.com/sync/TT-10162-1/e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a?check=1
18 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | rrr.html | www.mapp.ufc.br/libraries/cms/help/cont/ | 62 B | 331 B | Document | text/html
GET | H/1.1 | / (Primary Request, Redirect Chain) | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/ | 13 KB | 13 KB | Document | text/html
GET | H/1.1 | main.css | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ | 158 KB | 158 KB | Stylesheet | text/css
GET | H/1.1 | jquery.js | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ | 82 KB | 83 KB | Script | application/javascript
GET | H/1.1 | partner | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ | 827 B | 1 KB | Script | application/octet-stream
GET | H/1.1 | logo_uolmail.png | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ | 7 KB | 7 KB | Image | image/png
GET | H/1.1 | logo-uol.svg | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ | 17 KB | 18 KB | Image | image/svg+xml
GET | H/1.1 | logo-pagseguro.svg | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ | 5 KB | 6 KB | Image | image/svg+xml
GET | H/1.1 | logo-uolhost.svg | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ | 18 KB | 19 KB | Image | image/svg+xml
GET | H/1.1 | main.js | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ | 56 KB | 56 KB | Script | application/javascript
GET | H2 | 1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372 (Redirect Chain) | m.t.tailtarget.com/sync/TT-10162-1/ | 43 B | 138 B | Image | image/gif
GET | H2 | e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a (Redirect Chain) | m.t.tailtarget.com/sync/TT-10162-1/ | 43 B | 104 B | Image | image/gif
GET | DATA | truncated | / | 5 KB | 0 | Image | image/png
GET | | uol-text-regular.woff | stc.uol.com/c/webfont/projeto-grafico/uol-font/ | 0 | 0 | |
GET | | uol-text-bold.woff | stc.uol.com/c/webfont/projeto-grafico/uol-font/ | 0 | 0 | |
GET | | uol-text-lighter.woff | stc.uol.com/c/webfont/projeto-grafico/uol-font/ | 0 | 0 | |
GET | | uol-text-regular.ttf | stc.uol.com/c/webfont/projeto-grafico/uol-font/ | 0 | 0 | |
GET | | uol-text-bold.ttf | stc.uol.com/c/webfont/projeto-grafico/uol-font/ | 0 | 0 | |
GET | | uol-text-lighter.ttf | stc.uol.com/c/webfont/projeto-grafico/uol-font/ | 0 | 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain: stc.uol.com
- http://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-regular.woff
- http://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-bold.woff
- http://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-lighter.woff
- http://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-regular.ttf
- http://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-bold.ttf
- http://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-lighter.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Universo Online (UOL) (Banking)
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | trustedTypes
function | $
function | jQuery
function | mostrar
function | esconder
string | id
string | urlCookie
string | type
object | btdata
object | ifrm
function | onSubmit
function | onloadCallback
object | osirisUai
function | uolAnalytics
object | universal_variable
object | uolads
object | dnaReady
undefined | dnaRun
object | webpackJsonposiris-frontend
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.