faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com
Open in
urlscan Pro
3.136.115.125
Malicious Activity!
Public Scan
Submitted URL: https://bit.ly/32aNgOa?198612%2A&%25%25%25%25&%25%25%25%25&%25%25%25%25&%7D%2A&%7D%2A&s#%24%3B198612%26%26%2...
Effective URL: http://faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/
Submission Tags: falconsandbox
Submission: On November 08 via api from US
Effective URL: http://faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/
Submission Tags: falconsandbox
Submission: On November 08 via api from US
Summary
This website contacted 4 IPs
in 2 countries
across 6 domains to perform 18 HTTP transactions.
The main IP is 3.136.115.125, located in
Seattle, United States and
belongs to AMAZON-02, US.
The main domain is faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com.
This is the only time faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com was scanned on urlscan.io!
This is the only time faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Universo Online (UOL) (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 67.199.248.10 67.199.248.10 | 396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD) | |
| 1 2 | 200.19.190.91 200.19.190.91 | 1916 (Associaca...) (Associacao Rede Nacional de Ensino e Pesquisa) | |
| 2 2 | 35.202.21.90 35.202.21.90 | 15169 (GOOGLE) (GOOGLE) | |
| 9 | 3.136.115.125 3.136.115.125 | 16509 (AMAZON-02) (AMAZON-02) | |
| 2 4 | 34.102.185.99 34.102.185.99 | 15169 (GOOGLE) (GOOGLE) | |
| 18 | 4 |
2
200.19.190.91
(Fortaleza, Brazil)
ASN1916 (Associacao Rede Nacional de Ensino e Pesquisa, BR)
ASN1916 (Associacao Rede Nacional de Ensino e Pesquisa, BR)
| www.mapp.ufc.br |
2
35.202.21.90
(United States)
ASN15169 (GOOGLE, US)
PTR: 90.21.202.35.bc.googleusercontent.com
ASN15169 (GOOGLE, US)
PTR: 90.21.202.35.bc.googleusercontent.com
| sistemas.lpages.co |
9
3.136.115.125
(Seattle, United States)
ASN16509 (AMAZON-02, US)
PTR: ec2-3-136-115-125.us-east-2.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-3-136-115-125.us-east-2.compute.amazonaws.com
| faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com |
4
34.102.185.99
(United States)
ASN15169 (GOOGLE, US)
PTR: 99.185.102.34.bc.googleusercontent.com
ASN15169 (GOOGLE, US)
PTR: 99.185.102.34.bc.googleusercontent.com
| m.t.tailtarget.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 9 |
elasticbeanstalk.com
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com |
361 KB |
| 4 |
tailtarget.com
2 redirects
m.t.tailtarget.com |
978 B |
| 2 |
lpages.co
2 redirects
sistemas.lpages.co |
278 B |
| 2 |
ufc.br
1 redirects
www.mapp.ufc.br |
552 B |
| 1 |
bit.ly
1 redirects
bit.ly |
283 B |
| 0 |
uol.com
Failed
stc.uol.com Failed |
|
| 18 | 6 |
| Domain | Requested by | |
|---|---|---|
| 9 | faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com |
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com
|
| 4 | m.t.tailtarget.com |
2 redirects
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com
|
| 2 | sistemas.lpages.co | 2 redirects |
| 2 | www.mapp.ufc.br | 1 redirects |
| 1 | bit.ly | 1 redirects |
| 0 | stc.uol.com Failed |
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com
|
| 18 | 6 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| uolmailsecurity-001-site1.atempurl.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.tailtarget.com Sectigo RSA Domain Validation Secure Server CA |
2020-05-30 - 2021-05-30 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/
Frame ID: F949BF9AEE9A48C7B2BF6E8314CBE3C0
Requests: 19 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://bit.ly/32aNgOa?198612%2A&%25%25%25%25&%25%25%25%25&%25%25%25%25&%7D%2A&%7D%2A&s
HTTP 301
http://www.mapp.ufc.br/libraries/cms/help/cont/rrr.html?5as64ffas56fas Page URL
-
http://www.mapp.ufc.br/libraries/cms/help/cont/index.php
HTTP 302
https://sistemas.lpages.co/l0211 HTTP 302
https://sistemas.lpages.co/l0211/ HTTP 302
http://faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/ Page URL
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
URL: http://uolmailsecurity-001-site1.atempurl.com/
Title: ASSINE JÁ
Title: ASSINE JÁ
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://bit.ly/32aNgOa?198612%2A&%25%25%25%25&%25%25%25%25&%25%25%25%25&%7D%2A&%7D%2A&s
HTTP 301
http://www.mapp.ufc.br/libraries/cms/help/cont/rrr.html?5as64ffas56fas Page URL
-
http://www.mapp.ufc.br/libraries/cms/help/cont/index.php
HTTP 302
https://sistemas.lpages.co/l0211 HTTP 302
https://sistemas.lpages.co/l0211/ HTTP 302
http://faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://bit.ly/32aNgOa?198612%2A&%25%25%25%25&%25%25%25%25&%25%25%25%25&%7D%2A&%7D%2A&s HTTP 301
- http://www.mapp.ufc.br/libraries/cms/help/cont/rrr.html?5as64ffas56fas
- https://m.t.tailtarget.com/sync/TT-10162-1/1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372 HTTP 302
- https://m.t.tailtarget.com/sync/TT-10162-1/1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372?check=1
- https://m.t.tailtarget.com/sync/TT-10162-1/e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a HTTP 302
- https://m.t.tailtarget.com/sync/TT-10162-1/e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a?check=1
18 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
rrr.html
www.mapp.ufc.br/libraries/cms/help/cont/ Redirect Chain
|
62 B 331 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
/
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/ Redirect Chain
|
13 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.css
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ |
158 KB 158 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.js
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ |
82 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
partner
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ |
827 B 1 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo_uolmail.png
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo-uol.svg
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ |
17 KB 18 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo-pagseguro.svg
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ |
5 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo-uolhost.svg
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ |
18 KB 19 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.js
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com/index_arquivos/ |
56 KB 56 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1e9fc501db09a68e84c5cf23472df26f4ac90abbcb13db463f3ad2431b56e372
m.t.tailtarget.com/sync/TT-10162-1/ Redirect Chain
|
43 B 104 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
e93b709552e40dfb876f8e891d8c85b1222affe5fdbf21ac2543b07455a9d79a
m.t.tailtarget.com/sync/TT-10162-1/ Redirect Chain
|
43 B 138 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
uol-text-regular.woff
stc.uol.com/c/webfont/projeto-grafico/uol-font/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
uol-text-bold.woff
stc.uol.com/c/webfont/projeto-grafico/uol-font/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
uol-text-lighter.woff
stc.uol.com/c/webfont/projeto-grafico/uol-font/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
uol-text-bold.ttf
stc.uol.com/c/webfont/projeto-grafico/uol-font/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
uol-text-lighter.ttf
stc.uol.com/c/webfont/projeto-grafico/uol-font/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
uol-text-regular.ttf
stc.uol.com/c/webfont/projeto-grafico/uol-font/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- stc.uol.com
- URL
- http://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-regular.woff
- Domain
- stc.uol.com
- URL
- http://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-bold.woff
- Domain
- stc.uol.com
- URL
- http://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-lighter.woff
- Domain
- stc.uol.com
- URL
- http://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-bold.ttf
- Domain
- stc.uol.com
- URL
- http://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-lighter.ttf
- Domain
- stc.uol.com
- URL
- http://stc.uol.com/c/webfont/projeto-grafico/uol-font/uol-text-regular.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Universo Online (UOL) (Banking)19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes function| $ function| jQuery function| mostrar function| esconder string| id string| urlCookie string| type object| btdata object| ifrm function| onSubmit function| onloadCallback object| osirisUai function| uolAnalytics object| universal_variable object| uolads object| dnaReady undefined| dnaRun object| webpackJsonposiris-frontend0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bit.ly
faturamentocliente-env.eba-h9qa6nww.us-east-2.elasticbeanstalk.com
m.t.tailtarget.com
sistemas.lpages.co
stc.uol.com
www.mapp.ufc.br
stc.uol.com
200.19.190.91
3.136.115.125
34.102.185.99
35.202.21.90
67.199.248.10
0b931dd83952d1b448e6afb2520ca01091274b875839e4134e6c0bf433b61587
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
2379d136b78de5869d1937d82bf940b355864749e989829f3ef49fa3c5095464
2f4b9a3be52d80dd59388d146339f46a80ef948f5e98b960dd99b2ebd4bbe56a
4cc86e7e65f1f8332228e8d1735ba8b7e82367c6e93d644c3d41c473891b6c2d
6f1d74f97d22f131acfa463839affc314352a452eb6649b8d9fd181e1b83d487
8d828650afa0e87b3ece850b6be4d2eaded63e4e4424a190f1ce39f62460f625
9369e6384596ebc8c7bfc024dca2876deaa3c452b8e22252ce730845f4d44b71
9c8bd05190fa2ee7f5bc2b14bc0adcc1ba96d53873166fe84a49ad01e38e0228
ac164af5d54b0b092e11a630215b478ae38483688b8b8324e2ecfccba0d48ca1
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855