loginn-terrraa-maiil-7971191.hidora.com
45.66.221.0  Malicious Activity! Public Scan

URL: https://loginn-terrraa-maiil-7971191.hidora.com/?santander
Submission: On December 13 via automatic, source phishtank — Scanned from CH

Summary

This website contacted 4 IPs in 4 countries across 4 domains to perform 4 HTTP transactions. The main IP is 45.66.221.0, located in Switzerland and belongs to Hidora HIDORA SA, CH. The main domain is loginn-terrraa-maiil-7971191.hidora.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on July 27th 2024. Valid for: a year.
This is the only time loginn-terrraa-maiil-7971191.hidora.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Terra (Telecommunication)

Domain & IP information

Requests  IP Address         AS / Autonomous System
1         45.66.221.0        56798 (Hidora HI...)
1         91.134.9.159       16276 (OVH OVH SAS)
1         2a02:26f0:ab0...   20940 (AKAMAI-AS...)
1         2600:9000:223...   16509 (AMAZON-02)
Total: 4 IPs, 4 ASNs
Requests  Apex Domain           Subdomains                                      Transfer
1         gazetadopovo.com.br   media.gazetadopovo.com.br                       63 KB
1         trrsf.com.br          s1.trrsf.com.br                                 48 KB
1         ibb.co                i.ibb.co (Cisco Umbrella Rank: 14048)           20 KB
1         hidora.com            loginn-terrraa-maiil-7971191.hidora.com         3 KB
Total: 4 apex domains, 4 subdomains
Requests  Domain                                    Requested by
1         media.gazetadopovo.com.br
1         s1.trrsf.com.br                           loginn-terrraa-maiil-7971191.hidora.com
1         i.ibb.co                                  loginn-terrraa-maiil-7971191.hidora.com
1         loginn-terrraa-maiil-7971191.hidora.com
Total: 4 domains

This site contains no links.

Subject                  Issuer                                       Validity                   Valid for
*.hidora.com             Go Daddy Secure Certificate Authority - G2   2024-07-27 - 2025-07-27    a year
ibb.co                   E6                                           2024-10-21 - 2025-01-19    3 months
terra.com.br             DigiCert TLS RSA SHA256 2020 CA1             2024-09-20 - 2025-09-20    a year
*.gazetadopovo.com.br    Amazon RSA 2048 M02                          2024-10-17 - 2025-11-15    a year

This page contains 1 frame:

Primary Page: https://loginn-terrraa-maiil-7971191.hidora.com/?santander
Frame ID: 21E68ED1384DC3BC329EF4B525E96D1C
Requests: 4 HTTP requests in this frame

Page Title

Terra Mail

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 4
Transfer: 133 kB
Size: 138 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource            Path                                        Size   x-fer   Type       MIME-Type
Primary Request /   loginn-terrraa-maiil-7971191.hidora.com/    8 KB   3 KB    Document
General
Full URL
https://loginn-terrraa-maiil-7971191.hidora.com/?santander
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.66.221.0 , Switzerland, ASN56798 (Hidora HIDORA SA, CH),
Reverse DNS
Software
openresty /
Resource Hash
d68b1f70ecc3071b1718120398753368f53109b86f5a596f625a178dd4ae9820
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
2091
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-origin
date
Fri, 13 Dec 2024 00:08:33 GMT
permissions-policy
geolocation=(self), payment=(self)
referrer-policy
strict-origin-when-cross-origin
server
openresty
strict-transport-security
max-age=15811200
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-resolver-ip
45.66.221.0
x-xss-protection
1; mode=block;
image-removebg-preview.png   i.ibb.co/zGTQD9K/   20 KB   20 KB   Image
General
Full URL
https://i.ibb.co/zGTQD9K/image-removebg-preview.png
Requested by
Host: loginn-terrraa-maiil-7971191.hidora.com
URL: https://loginn-terrraa-maiil-7971191.hidora.com/?santander
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.134.9.159 , France, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns3243059.ip-91-134-9.eu
Software
openresty /
Resource Hash
224d0ceda7e65c8946b6d83e6e8262029118551631e69e3c414f27eb6f733778

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loginn-terrraa-maiil-7971191.hidora.com/

Response headers

cache-control
max-age=315360000, public
access-control-allow-methods
GET, OPTIONS
expires
Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
20075
date
Fri, 13 Dec 2024 00:08:33 GMT
content-type
image/png
last-modified
Tue, 01 Oct 2024 21:36:10 GMT
server
openresty
Home_Terra_Mail-Pos-01_Terra-Meu-Negocio.jpg   s1.trrsf.com.br/slide-mail/img/banner/   47 KB   48 KB   Image
General
Full URL
https://s1.trrsf.com.br/slide-mail/img/banner/Home_Terra_Mail-Pos-01_Terra-Meu-Negocio.jpg
Requested by
Host: loginn-terrraa-maiil-7971191.hidora.com
URL: https://loginn-terrraa-maiil-7971191.hidora.com/?santander
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::b819:3322 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Terra Web Server /
Resource Hash
5ffe32b52829259d687f6c96929c9ccf6f049d53dd0556cb880c629bcd6cdd10

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loginn-terrraa-maiil-7971191.hidora.com/

Response headers

cache-control
max-age=315360000, stale-while-revalidate=3600, stale-if-error=864000
x-cdnterra-cache-status
HIT
accept-ranges
bytes
content-length
48608
date
Fri, 13 Dec 2024 00:08:33 GMT
content-type
image/jpeg
last-modified
Mon, 15 Jul 2024 19:50:19 GMT
server
Terra Web Server
f1102035265c5eae40f936d056b5013a-gpLarge.png   media.gazetadopovo.com.br/2017/07/   63 KB   63 KB   Other
General
Full URL
https://media.gazetadopovo.com.br/2017/07/f1102035265c5eae40f936d056b5013a-gpLarge.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:5c00:1f:3000:7b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
96020fbf98745a2482a24f2e14059c26a0e18d546a3550930cb794916a910a48

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loginn-terrraa-maiil-7971191.hidora.com/

Response headers

cache-control
max-age=31536000
etag
"476a30df5cbfd758f1ef0a6a56e9bcce"
age
2412365
via
1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
expires
Thu, 21 May 2020 19:23:06 GMT
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
64284
x-amz-cf-id
HlWsNyqOdL1pQTqLv66aOoaz2bpEokLEyElA2SHFMY47N2eM1e7tUA==
date
Fri, 15 Nov 2024 02:02:30 GMT
content-type
image/jpeg
last-modified
Wed, 22 May 2019 19:23:07 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P5

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Terra (Telecommunication)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path                                   Name / Value
loginn-terrraa-maiil-7971191.hidora.com/      Name: ROUTEID, Value: .1

1 Console Messages

Source           Level      URL / Text
recommendation   verbose    URL: https://loginn-terrraa-maiil-7971191.hidora.com/?santander
                            Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;