login-variety.edisonmagalhaes.com.br

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 2 HTTP transactions. The main IP is 162.241.203.116, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is login-variety.edisonmagalhaes.com.br.

This is the only time login-variety.edisonmagalhaes.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	51.68.252.17 51.68.252.17	16276 (OVH) (OVH)
1	162.241.203.116 162.241.203.116	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
3 4	23.108.57.34 23.108.57.34	393886 (LEASEWEB-...) (LEASEWEB-USA-MIA-11)
2	3

1 51.68.252.17 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip17.ip-51-68-252.eu

api.messaging.resamania.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.241.203.116 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-203-116.unifiedlayer.com

login-variety.edisonmagalhaes.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.108.57.34 (Boca Raton, United States) 3 redirects

ASN393886 (LEASEWEB-USA-MIA-11, US)

login.vaeritsydatasearch.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.vaeritsydatasearch.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	vaeritsydatasearch.info 3 redirects login.vaeritsydatasearch.info www.vaeritsydatasearch.info	4 KB
1	edisonmagalhaes.com.br login-variety.edisonmagalhaes.com.br	12 KB
1	resamania.com 1 redirects api.messaging.resamania.com	633 B
2	3

	Domain	Requested by
3	login.vaeritsydatasearch.info	2 redirects login-variety.edisonmagalhaes.com.br
1	www.vaeritsydatasearch.info	1 redirects
1	login-variety.edisonmagalhaes.com.br
1	api.messaging.resamania.com	1 redirects
2	4

This site contains no links.

Subject Issuer	Validity	Valid
login.vaeritsydatasearch.info R3	`2022-02-02` - `2022-05-03`	3 months	crt.sh

This page contains 1 frames:

Frame: https://login.vaeritsydatasearch.info/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637813308540031288.ZWY0YjA5ZTEtY2U3NC00OTU5LTk4ODItYWVmNzUxYTQ4Y2I3ZjAwMmJlY2UtZmY5Yy00YjQ0LTgzYzQtNjkxN2Q3M2FlZTNm&ui_locales=fr-FR&mkt=fr-FR&state=h7gI9DGcYu6zy3nsRqPZmeN2Lwo96b9jv2JKMyr49r87B0UYOIGDBftVh_PKhXd9g5Xyk6ZkdWvUy0lCoqF3XbpuE6Fz3MR1tkpSUz7_HtPH5BZYdVWzLqzWYe1QfZj4Qlgw2n7LJQWWaIzCQW5CYA6-RZs7n5QDeijbqSiXlAXISdtQmvVzpRxGW9Vgzk7LxUyhGzcyi28c4W-R-3SpnnDkG-rIRShcTUSvpIFH-2Xu9XfOpbcFUhzfK3Gkv2qEo53iaJ4p-9bLPgkC5qz9BA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0
Frame ID: 49075F31F3F24C3FCDC9047016C07F3A
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://api.messaging.resamania.com/api/redirect/?orig=crm&mailId=7766277&type=1&track=true&url=http%3A%2F%2Flog... HTTP 302
http://login-variety.edisonmagalhaes.com.br/ Page URL

Page Statistics

2
Requests

50 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

12 kB
Transfer

42 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://api.messaging.resamania.com/api/redirect/?orig=crm&mailId=7766277&type=1&track=true&url=http%3A%2F%2Flogin-variety.edisonmagalhaes.com.br HTTP 302
http://login-variety.edisonmagalhaes.com.br/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://login.vaeritsydatasearch.info/RHnBSVgU HTTP 302
https://login.vaeritsydatasearch.info/ HTTP 302
https://www.vaeritsydatasearch.info/login HTTP 302
https://login.vaeritsydatasearch.info/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637813308540031288.ZWY0YjA5ZTEtY2U3NC00OTU5LTk4ODItYWVmNzUxYTQ4Y2I3ZjAwMmJlY2UtZmY5Yy00YjQ0LTgzYzQtNjkxN2Q3M2FlZTNm&ui_locales=fr-FR&mkt=fr-FR&state=h7gI9DGcYu6zy3nsRqPZmeN2Lwo96b9jv2JKMyr49r87B0UYOIGDBftVh_PKhXd9g5Xyk6ZkdWvUy0lCoqF3XbpuE6Fz3MR1tkpSUz7_HtPH5BZYdVWzLqzWYe1QfZj4Qlgw2n7LJQWWaIzCQW5CYA6-RZs7n5QDeijbqSiXlAXISdtQmvVzpRxGW9Vgzk7LxUyhGzcyi28c4W-R-3SpnnDkG-rIRShcTUSvpIFH-2Xu9XfOpbcFUhzfK3Gkv2qEo53iaJ4p-9bLPgkC5qz9BA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0

2 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response login-variety.edisonmagalhaes.com.br/ Redirect Chain https://api.messaging.resamania.com/api/redirect/?orig=crm&mailId=7766277&type=1&track=true&url=http%3A%2F%2Flogin-variety.edisonmagalhaes.com.br http://login-variety.edisonmagalhaes.com.br/	37 KB 12 KB	306ms 170ms	Document text/html	162.241.203.116 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL http://login-variety.edisonmagalhaes.com.br/ Protocol HTTP/1.1 Server 162.241.203.116 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-203-116.unifiedlayer.com Software Apache / Resource Hash `f9498758f8a156783d55cbe1b780e1e88258f68f8d481832724f4a68075c16d8` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language fr-FR,fr;q=0.9 Response headers Date Thu, 24 Feb 2022 20:20:49 GMT Server Apache Upgrade h2,h2c Connection Upgrade, Keep-Alive Last-Modified Thu, 24 Feb 2022 17:25:09 GMT Accept-Ranges bytes Vary Accept-Encoding Content-Encoding gzip Content-Length 11753 Keep-Alive timeout=5, max=75 Content-Type text/html Redirect headers Server nginx Date Thu, 24 Feb 2022 20:20:48 GMT Content-Length 0 Connection keep-alive Access-Control-Allow-Origin * Access-Control-Allow-Methods GET,POST,DELETE,PUT,OPTIONS Access-Control-Allow-Headers ,authorization,x-user-club-id,x-user-network-node-id,content-type X-Content-Type-Options* nosniff nosniff X-XSS-Protection 1; mode=block 1; mode=block Cache-Control no-cache, no-store, max-age=0, must-revalidate Pragma no-cache Expires 0 X-Frame-Options DENY SAMEORIGIN Location http://login-variety.edisonmagalhaes.com.br
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a00f7ed35be5bfea9cbbdcbeca07f536d9db6fb6391ca55ad38790eecb01ffeb` Request headers Accept-Language fr-FR,fr;q=0.9 Referer http://login-variety.edisonmagalhaes.com.br/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	authorize login.vaeritsydatasearch.info/common/oauth2/v2.0/ Redirect Chain https://login.vaeritsydatasearch.info/RHnBSVgU https://login.vaeritsydatasearch.info/ https://www.vaeritsydatasearch.info/login https://login.vaeritsydatasearch.info/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token...	0 0	921ms 652ms	Document text/html	23.108.57.34 LEASEWEB-USA-MIA-11
General Check archive.org Show headers Download Go to Full URL https://login.vaeritsydatasearch.info/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637813308540031288.ZWY0YjA5ZTEtY2U3NC00OTU5LTk4ODItYWVmNzUxYTQ4Y2I3ZjAwMmJlY2UtZmY5Yy00YjQ0LTgzYzQtNjkxN2Q3M2FlZTNm&ui_locales=fr-FR&mkt=fr-FR&state=h7gI9DGcYu6zy3nsRqPZmeN2Lwo96b9jv2JKMyr49r87B0UYOIGDBftVh_PKhXd9g5Xyk6ZkdWvUy0lCoqF3XbpuE6Fz3MR1tkpSUz7_HtPH5BZYdVWzLqzWYe1QfZj4Qlgw2n7LJQWWaIzCQW5CYA6-RZs7n5QDeijbqSiXlAXISdtQmvVzpRxGW9Vgzk7LxUyhGzcyi28c4W-R-3SpnnDkG-rIRShcTUSvpIFH-2Xu9XfOpbcFUhzfK3Gkv2qEo53iaJ4p-9bLPgkC5qz9BA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0 Requested by Host: login-variety.edisonmagalhaes.com.br URL: http://login-variety.edisonmagalhaes.com.br/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.108.57.34 Boca Raton, United States, ASN393886 (LEASEWEB-USA-MIA-11, US), Reverse DNS Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language fr-FR,fr;q=0.9 Referer http://login-variety.edisonmagalhaes.com.br/ Response headers Cache-Control no-store, no-cache Connection close Content-Type text/html; charset=utf-8 Date Thu, 24 Feb 2022 20:20:53 GMT Expires -1 Nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} P3p CP="DSP CUR OTPi IND OTRi ONL FIN" Pragma no-cache Referrer-Policy strict-origin-when-cross-origin Report-To {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst"}]} Transfer-Encoding chunked Vary Accept-Encoding X-Ms-Clitelem 1,50168,0,, X-Ms-Ests-Server 2.1.12470.13 - NCUS ProdSlices X-Ms-Request-Id 81e60311-d58b-46be-b15e-d46050b20300 Redirect headers Connection close Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Thu, 24 Feb 2022 20:20:53 GMT Location https://login.vaeritsydatasearch.info/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637813308540031288.ZWY0YjA5ZTEtY2U3NC00OTU5LTk4ODItYWVmNzUxYTQ4Y2I3ZjAwMmJlY2UtZmY5Yy00YjQ0LTgzYzQtNjkxN2Q3M2FlZTNm&ui_locales=fr-FR&mkt=fr-FR&state=h7gI9DGcYu6zy3nsRqPZmeN2Lwo96b9jv2JKMyr49r87B0UYOIGDBftVh_PKhXd9g5Xyk6ZkdWvUy0lCoqF3XbpuE6Fz3MR1tkpSUz7_HtPH5BZYdVWzLqzWYe1QfZj4Qlgw2n7LJQWWaIzCQW5CYA6-RZs7n5QDeijbqSiXlAXISdtQmvVzpRxGW9Vgzk7LxUyhGzcyi28c4W-R-3SpnnDkG-rIRShcTUSvpIFH-2Xu9XfOpbcFUhzfK3Gkv2qEo53iaJ4p-9bLPgkC5qz9BA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0 Referrer-Policy strict-origin-when-cross-origin Request-Context appId= Transfer-Encoding chunked Vary Accept-Encoding X-Cache CONFIG_NOCACHE X-Msedge-Ref Ref A: 89B87073A5D2438F9C7A8E7A557C7130 Ref B: LAX311000115035 Ref C: 2022-02-24T20:20:53Z X-Ua-Compatible IE=edge,chrome=1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.vaeritsydatasearch.info/	1970-01-20 01:08:57	Name: jrui Value: f350d1fff2d831f37bd5ab389384f9e85ee11d6522b4e1e59701fca86368231e

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.messaging.resamania.com
login-variety.edisonmagalhaes.com.br
login.vaeritsydatasearch.info
www.vaeritsydatasearch.info
162.241.203.116
23.108.57.34
51.68.252.17
a00f7ed35be5bfea9cbbdcbeca07f536d9db6fb6391ca55ad38790eecb01ffeb
f9498758f8a156783d55cbe1b780e1e88258f68f8d481832724f4a68075c16d8

login-variety.edisonmagalhaes.com.br Open in urlscan Pro 162.241.203.116 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

2 Requests

50 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

12 kBTransfer

42 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

login-variety.edisonmagalhaes.com.br Open in urlscan Pro
162.241.203.116 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

50 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

12 kB
Transfer

42 kB
Size

1
Cookies

2 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!