uniaofundacoes.com.br
2400:cb00:2048:1::681b:95ed
Malicious Activity!
Public Scan
Effective URL: http://uniaofundacoes.com.br/emailtransfer/bmo/login.php?cmd=login_submit&id=94c224319ecd94ed2e7bcf3c529b2acd94c224319ecd94ed...
Submission: On December 09 via api from CA
Summary
This is the only time uniaofundacoes.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bank of Montreal (Banking)
Domain & IP information
Redirects | Requests | IP Address | AS (Autonomous System) | Domains served
---|---|---|---|---
1 | 8 | 2400:cb00:2048:1::681b:95ed | 13335 (CLOUDFLARENET - Cloudflare, Inc., US) | uniaofundacoes.com.br
 | 1 | 2400:cb00:2048:1::6813:c366 | 13335 (CLOUDFLARENET - Cloudflare, Inc., US) | ajax.cloudflare.com
 | 8 | 2400:cb00:2048:1::681b:94ed | 13335 (CLOUDFLARENET - Cloudflare, Inc., US) | uniaofundacoes.com.br
1 | 2 | 192.186.220.3 (PTR: ip-192-186-220-3.ip.secureserver.net) | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US) | csscheckbox.com, www.csscheckbox.com
Total: 17 requests, 4 IP addresses
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
16 | uniaofundacoes.com.br (1 redirect) | uniaofundacoes.com.br | 161 KB
2 | csscheckbox.com (1 redirect) | csscheckbox.com, www.csscheckbox.com | 913 B
1 | cloudflare.com | ajax.cloudflare.com | 31 KB
Total: 17 requests, 3 apex domains
Requests | Domain | Requested by
---|---|---
16 | uniaofundacoes.com.br (1 redirect) | uniaofundacoes.com.br
1 | www.csscheckbox.com | uniaofundacoes.com.br
1 | csscheckbox.com (1 redirect) |
1 | ajax.cloudflare.com | uniaofundacoes.com.br
Total: 17 requests, 4 domains
This site contains no links.
TLS certificates observed:
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2017-11-04 - 2018-05-13 | 6 months | crt.sh
Note that the primary page and every request to uniaofundacoes.com.br were made over plain http://. The only HTTP/2 transaction in the scan is the rocket.min.js fetch from ajax.cloudflare.com, and browsers negotiate HTTP/2 only over TLS, so this shared Cloudflare certificate most plausibly belongs to that connection rather than to the phishing page itself.
This page contains 1 frame:
Primary Page:
http://uniaofundacoes.com.br/emailtransfer/bmo/login.php?cmd=login_submit&id=94c224319ecd94ed2e7bcf3c529b2acd94c224319ecd94ed2e7bcf3c529b2acd&session=94c224319ecd94ed2e7bcf3c529b2acd94c224319ecd94ed2e7bcf3c529b2acd
Frame ID: F0A3A06A522AA634E4E66A6195E5F98E
Requests: 17 HTTP requests in this frame
Detected technologies
Nginx (Web Servers). Detected pattern:
- headers: server /nginx(?:\/([\d.]+))?/i
CloudFlare (CDN). Detected pattern:
- headers: server /cloudflare/i
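The two patterns above are both evaluated against the Server response header. As an added example (not code from urlscan.io or from this page), the Python fingerprinter below applies those same two expressions, translated from the JavaScript regex literals, to response headers and aggregates the matches over a scan. It is run over constructed sample responses whose header values are illustrative, not the scan's captured headers. It also shows why both technologies can be reported from a single response: Cloudflare's edge historically answered with "Server: cloudflare-nginx", which satisfies both patterns, so an Nginx detection on a Cloudflare-fronted site may describe the CDN edge rather than the origin server.

```python
import re

# Header patterns as listed under "Detected technologies" on the scan page, translated
# from the JavaScript regex literals to Python (same expressions, case-insensitive).
HEADER_PATTERNS = {
    "Nginx": ("server", re.compile(r"nginx(?:/([\d.]+))?", re.IGNORECASE)),
    "CloudFlare": ("server", re.compile(r"cloudflare", re.IGNORECASE)),
}


def fingerprint(headers):
    """Match one response's headers against HEADER_PATTERNS.

    Returns {technology: version}; version is None when the pattern has no
    version capture group or the header carries no version (e.g. "Server: nginx").
    Header names are compared case-insensitively, as HTTP requires.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    found = {}
    for tech, (header_name, rx) in HEADER_PATTERNS.items():
        value = lowered.get(header_name)
        if value is None:
            continue
        match = rx.search(value)
        if match:
            found[tech] = match.group(1) if rx.groups else None
    return found


def fingerprint_scan(responses):
    """Aggregate over every response in a scan: technology -> set of versions seen."""
    seen = {}
    for _url, headers in responses:
        for tech, version in fingerprint(headers).items():
            seen.setdefault(tech, set()).add(version)
    return seen


# Constructed sample responses (header values are illustrative, not captured from the scan):
# the Cloudflare-fronted phishing page and the directly hosted third-party checkbox image.
SAMPLE_RESPONSES = [
    ("http://uniaofundacoes.com.br/emailtransfer/bmo/login.php",
     {"Server": "cloudflare-nginx", "Content-Type": "text/html"}),
    ("http://www.csscheckbox.com/checkboxes/u/csscheckbox_a1b63a41cb46ea4b33191226051eaad2.png",
     {"Server": "nginx/1.12.2", "Content-Type": "image/png"}),
]

if __name__ == "__main__":
    for url, headers in SAMPLE_RESPONSES:
        print(url, "->", fingerprint(headers))
    print("scan-wide:", fingerprint_scan(SAMPLE_RESPONSES))
```

When reading a technology list from a scan, check which response produced each match before concluding anything about the origin host; a match on the edge's Server header says nothing about the software behind the CDN.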
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://uniaofundacoes.com.br/emailtransfer/bmo/
  HTTP 302
- http://uniaofundacoes.com.br/emailtransfer/bmo/login.php?cmd=login_submit&id=94c224319ecd94ed2e7bcf3c529b2acd94c224319ecd94ed2e7bcf3c529b2acd&session=94c224319ecd94ed2e7bcf3c529b2acd94c224319ecd94ed2e7bcf3c529b2acd (Page URL)
The 302 from the bare /emailtransfer/bmo/ directory is what assigns the id and session parameters: both carry the same value, the 32-hex-character string 94c224319ecd94ed2e7bcf3c529b2acd written twice. Per-visit tokens like these are minted server-side by the kit and tie a victim's later form submission back to this visit, so the tokens, not just the path, are worth recording when the URL is shared as an indicator.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15
- http://csscheckbox.com/checkboxes/u/csscheckbox_a1b63a41cb46ea4b33191226051eaad2.png
  HTTP 301
- http://www.csscheckbox.com/checkboxes/u/csscheckbox_a1b63a41cb46ea4b33191226051eaad2.png
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | login.php (Primary Request, end of redirect chain) | uniaofundacoes.com.br/emailtransfer/bmo/ | 7 KB | 0 | Document | text/html
GET | H2 | rocket.min.js | ajax.cloudflare.com/cdn-cgi/scripts/9014afdb/cloudflare-static/ | 102 KB | 31 KB | Script | application/javascript
GET | H/1.1 | logo.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 3 KB | 3 KB | Image | image/png
GET | H/1.1 | link.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | link1.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 6 KB | 6 KB | Image | image/png
GET | H/1.1 | lofo.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 28 KB | 28 KB | Image | image/png
GET | H/1.1 | lofo1.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 40 KB | 40 KB | Image | image/png
GET | H/1.1 | lofo2.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 44 KB | 44 KB | Image | image/png
GET | H/1.1 | pr.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | logofo.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 5 KB | 5 KB | Image | image/png
GET | H/1.1 | pe.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | linkbu1.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 1 KB | 1 KB | Image | image/png
GET | H/1.1 | link2.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 5 KB | 5 KB | Image | image/png
GET | H/1.1 | link3.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 7 KB | 7 KB | Image | image/png
GET | H/1.1 | fo.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 1 KB | 1 KB | Image | image/png
GET | H/1.1 | conbu.png | uniaofundacoes.com.br/emailtransfer/bmo/images/ | 15 KB | 15 KB | Image | image/png
GET | H/1.1 | csscheckbox_a1b63a41cb46ea4b33191226051eaad2.png (end of redirect chain) | www.csscheckbox.com/checkboxes/u/ | 613 B | 613 B | Image | image/png
Apart from the Rocket Loader script from ajax.cloudflare.com and the one checkbox image from www.csscheckbox.com, every transaction is a plain-HTTP/1.1 fetch from the phishing host; the fourteen PNGs under /emailtransfer/bmo/images/ account for the 161 KB transferred from it.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Bank of Montreal (Banking)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- onafterprint (object)
- onbeforeprint (object)
- __cfRocketOptions (object)
- __cfRl (object)
- unhideBody (function)
The two __cf-prefixed objects are set by Cloudflare's Rocket Loader, the rocket.min.js script fetched from ajax.cloudflare.com above, and onafterprint/onbeforeprint are standard window event-handler properties in current browsers; neither says anything about the kit. unhideBody is the only global that the page's own scripts are likely to have defined.
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the site re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value
---|---|---
.uniaofundacoes.com.br/ | | __cfduid = d2ef0bc131926d6105de67670b7ad2b071512838892
__cfduid was Cloudflare's (since retired) client-identification cookie, set by the CDN edge rather than by the phishing kit; its presence only confirms that the host sits behind Cloudflare. Its trailing ten digits, 1512838892, are a Unix timestamp (2017-12-09 17:01:32 UTC), which dates this scan to 9 December 2017.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- ajax.cloudflare.com
- csscheckbox.com
- uniaofundacoes.com.br
- www.csscheckbox.com
IP addresses:
- 192.186.220.3
- 2400:cb00:2048:1::6813:c366
- 2400:cb00:2048:1::681b:94ed
- 2400:cb00:2048:1::681b:95ed
SHA-256 hashes (17, the same number as the HTTP transactions above):
- 144d58a3bc46cefb8812dd47c2d0cbf4bc8b9f7fb541a669cbedf9eae6730d2a
- 17c040be098f5be6f979152aeb900c607f576604f4de60ab0ce4c46700a67116
- 36b87e4d9e23ad7e7c8f353dc41e4714746a43f857059887e7fc57afd8c89b81
- 3be4473dbe771758352ca95ee691d1cd78269b56fa3084393cb32b51a443b711
- 573d9405b59de22d45f06b74c983388cafc62fa03d4a771c4d04a136d518a264
- 660efceb83bb19dfa154741f2db01414954c8cc7a4ad2468dadaf522581de222
- 864b4f40ad13091a5ddad8717b6088f769f7bf2d846ba7e324b56f6e7732b004
- a39d851d9c1a63b6a4d5043cc315c74f6236e36f1b96b92f2c9ea31d72f91f76
- a7b645289a33da6f8b5516446c2f70d27fa9ed9916c52512896727ca2c0beb48
- b55468b2dd7dee627735a367e5889d315d488a8a42ee443a9433868e662b8c7d
- b87966242926debb47297154fbd44b4c9ba7ffd289e2132ef229939f0dda4124
- c6a54f6e2e386750241bd684a040fb2131bef0d994c41caaf39035ed6db28818
- ddb0c0df54395bd733b4c9da8190b0f2e322555b52668aaca5218fade8742022
- dffaf2f3b7fceadfb8653d8ebcb4af0b8d169ce4067c6ceff3856690b54b052d
- e8b49887e243d2d1a9f5c36ab8e8c7c15cdfd96665e8c3724ca73972377ddd3f
- eed8e9c38700e092a11251d9ec1cf69adaa603eb76ece22eecedd65f405a5155
- f50690fe0eeef60d0166291dfa1ab599335ae887ae5041a8658cfebe1d6431c3
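The disclaimer above matters in practice: three of the four IPs are Cloudflare edge addresses shared by many unrelated sites, ajax.cloudflare.com is a public CDN host, and the hashes are not labelled with the response they came from. As an added example (not part of the urlscan.io page), the Python script below parses an indicator list like this one into IPs, domains and SHA-256 hashes and sorts them into block, shared and review buckets, so only the phishing host itself reaches a blocklist. The sample input is a constructed excerpt of this page's list; the shared-infrastructure allowlist and the Cloudflare 2400:cb00::/32 prefix are assumptions made for the example and should be checked against Cloudflare's currently published ranges before use.

```python
import ipaddress
import re

SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.IGNORECASE)
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
DOMAIN_RE = re.compile(rf"^(?:{LABEL}\.)+[a-z]{{2,63}}$", re.IGNORECASE)

# Constructed excerpt of the "Indicators" list on this scan page (one token per line).
INDICATORS = """\
ajax.cloudflare.com
csscheckbox.com
uniaofundacoes.com.br
www.csscheckbox.com
192.186.220.3
2400:cb00:2048:1::6813:c366
2400:cb00:2048:1::681b:94ed
2400:cb00:2048:1::681b:95ed
144d58a3bc46cefb8812dd47c2d0cbf4bc8b9f7fb541a669cbedf9eae6730d2a
17c040be098f5be6f979152aeb900c607f576604f4de60ab0ce4c46700a67116
"""

# Assumptions for this example: hosts and address ranges that belong to shared services
# and must not go on a blocklist. The Cloudflare prefix is taken from Cloudflare's
# published IP list; confirm it against the current list before relying on it.
SHARED_HOSTS = {"ajax.cloudflare.com"}
SHARED_NETS = [ipaddress.ip_network("2400:cb00::/32")]


def classify(token):
    """Return 'ipv4', 'ipv6', 'sha256', 'domain' or 'unknown' for one indicator."""
    try:
        return "ipv%d" % ipaddress.ip_address(token).version
    except ValueError:
        pass
    if SHA256_RE.match(token):
        return "sha256"
    if DOMAIN_RE.match(token):
        return "domain"
    return "unknown"


def in_shared_net(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SHARED_NETS)


def triage(text, primary_domain):
    """Sort raw indicator lines into 'block', 'shared' and 'review' sets.

    block  : the phishing host itself and its subdomains; safe to block at DNS/proxy.
    shared : CDN or shared-hosting infrastructure; blocking it causes collateral damage.
    review : everything else (third-party hosts, their IPs, response-body hashes);
             an analyst decides how to use these, e.g. hashes for retro-hunting in logs.
    """
    primary = primary_domain.lower()
    buckets = {"block": set(), "shared": set(), "review": set()}
    for line in text.splitlines():
        token = line.strip()
        if not token:
            continue
        kind = classify(token)
        if kind == "domain":
            host = token.lower()
            if host in SHARED_HOSTS:
                buckets["shared"].add(host)
            elif host == primary or host.endswith("." + primary):
                buckets["block"].add(host)
            else:
                buckets["review"].add(host)
        elif kind in ("ipv4", "ipv6"):
            (buckets["shared"] if in_shared_net(token) else buckets["review"]).add(token)
        else:
            # Hashes and anything unrecognised: the page does not say which response a
            # hash belongs to, so none of them can be attributed to the kit automatically.
            buckets["review"].add(token.lower())
    return buckets


if __name__ == "__main__":
    for name, items in triage(INDICATORS, "uniaofundacoes.com.br").items():
        print(name, sorted(items))
```

The GoDaddy address 192.186.220.3 lands in review rather than shared on purpose: it is not in the allowlist, but it hosts csscheckbox.com (a third-party image source, not the phishing page), and a shared-hosting IP should not be blocked without looking at what else lives there.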