loginn-terrraa-maiil-7971191.hidora.com
Open in
urlscan Pro
45.66.221.0
Malicious Activity!
Public Scan
Submission: On December 13 via automatic, source phishtank — Scanned from CH
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on July 27th 2024. Valid for: a year.
This is the only time loginn-terrraa-maiil-7971191.hidora.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Terra (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 45.66.221.0 45.66.221.0 | 56798 (Hidora HI...) (Hidora HIDORA SA) | |
1 | 91.134.9.159 91.134.9.159 | 16276 (OVH OVH SAS) (OVH OVH SAS) | |
1 | 2a02:26f0:ab0... 2a02:26f0:ab00::b819:3322 | 20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.) | |
1 | 2600:9000:223... 2600:9000:223f:5c00:1f:3000:7b80:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
4 | 4 |
ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
s1.trrsf.com.br |
ASN16509 (AMAZON-02, US)
media.gazetadopovo.com.br |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
gazetadopovo.com.br
media.gazetadopovo.com.br |
63 KB |
1 |
trrsf.com.br
s1.trrsf.com.br |
48 KB |
1 |
ibb.co
i.ibb.co — Cisco Umbrella Rank: 14048 |
20 KB |
1 |
hidora.com
loginn-terrraa-maiil-7971191.hidora.com |
3 KB |
4 | 4 |
Domain | Requested by | |
---|---|---|
1 | media.gazetadopovo.com.br | |
1 | s1.trrsf.com.br |
loginn-terrraa-maiil-7971191.hidora.com
|
1 | i.ibb.co |
loginn-terrraa-maiil-7971191.hidora.com
|
1 | loginn-terrraa-maiil-7971191.hidora.com | |
4 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.hidora.com Go Daddy Secure Certificate Authority - G2 |
2024-07-27 - 2025-07-27 |
a year | crt.sh |
ibb.co E6 |
2024-10-21 - 2025-01-19 |
3 months | crt.sh |
terra.com.br DigiCert TLS RSA SHA256 2020 CA1 |
2024-09-20 - 2025-09-20 |
a year | crt.sh |
*.gazetadopovo.com.br Amazon RSA 2048 M02 |
2024-10-17 - 2025-11-15 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://loginn-terrraa-maiil-7971191.hidora.com/?santander
Frame ID: 21E68ED1384DC3BC329EF4B525E96D1C
Requests: 4 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
loginn-terrraa-maiil-7971191.hidora.com/ |
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
image-removebg-preview.png
i.ibb.co/zGTQD9K/ |
20 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Home_Terra_Mail-Pos-01_Terra-Meu-Negocio.jpg
s1.trrsf.com.br/slide-mail/img/banner/ |
47 KB 48 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
f1102035265c5eae40f936d056b5013a-gpLarge.png
media.gazetadopovo.com.br/2017/07/ |
63 KB 63 KB |
Other
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Terra (Telecommunication)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
loginn-terrraa-maiil-7971191.hidora.com/ | Name: ROUTEID Value: .1 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=15811200 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block; |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
i.ibb.co
loginn-terrraa-maiil-7971191.hidora.com
media.gazetadopovo.com.br
s1.trrsf.com.br
2600:9000:223f:5c00:1f:3000:7b80:93a1
2a02:26f0:ab00::b819:3322
45.66.221.0
91.134.9.159
224d0ceda7e65c8946b6d83e6e8262029118551631e69e3c414f27eb6f733778
5ffe32b52829259d687f6c96929c9ccf6f049d53dd0556cb880c629bcd6cdd10
96020fbf98745a2482a24f2e14059c26a0e18d546a3550930cb794916a910a48
d68b1f70ecc3071b1718120398753368f53109b86f5a596f625a178dd4ae9820