analuizaborba.com.br
Open in
urlscan Pro
2606:4700:3037::6815:1a0a
Malicious Activity!
Public Scan
Effective URL: https://analuizaborba.com.br/wp-setting/S211eery1865c9y.php?blx=$bmVpbC5hY2tlcm1hbjFAYmVsbC5jYQ==&4629a2ca3b7b71590edc68a5057...
Submission: On February 04 via manual from CA — Scanned from CA
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 29th 2022. Valid for: a year.
This is the only time analuizaborba.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BCE-Bell (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
11 | 2606:4700:303... 2606:4700:3037::6815:1a0a | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 68.142.108.128 68.142.108.128 | 22822 (LLNW) (LLNW) | |
15 | 2 |
ASN22822 (LLNW, US)
PTR: https-68-142-108-128.iad.llnw.net
pfobellweb.hs.llnwd.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
analuizaborba.com.br
analuizaborba.com.br |
200 KB |
4 |
llnwd.net
pfobellweb.hs.llnwd.net — Cisco Umbrella Rank: 839644 |
121 KB |
15 | 2 |
Domain | Requested by | |
---|---|---|
11 | analuizaborba.com.br |
analuizaborba.com.br
|
4 | pfobellweb.hs.llnwd.net |
analuizaborba.com.br
|
15 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-01-29 - 2023-01-29 |
a year | crt.sh |
*.hs.llnwd.net Sectigo RSA Organization Validation Secure Server CA |
2021-04-07 - 2022-05-08 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://analuizaborba.com.br/wp-setting/S211eery1865c9y.php?blx=$bmVpbC5hY2tlcm1hbjFAYmVsbC5jYQ==&4629a2ca3b7b71590edc68a5057ef38b4b1c172f9d08f8a44bde0cabb8a6743916976132908339ea131c7d9904dbec14867b58e8dccef58d922fc504f551a54c632a2a21590677805aef262cd9dfe3f3e077bd24dd6fb3f15b0e
Frame ID: 82B5827303FF16EBF3F4E8B118D5E6B3
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
Log in to MyBellPage URL History Show full URLs
- https://analuizaborba.com.br/wp-setting/index.php?blx=%24bmVpbC5hY2tlcm1hbjFAYmVsbC5jYQ%3D%3D Page URL
- https://analuizaborba.com.br/wp-setting/S211eery1865c9y.php?blx=$bmVpbC5hY2tlcm1hbjFAYmVsbC5jYQ==&4629a2c... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://analuizaborba.com.br/wp-setting/index.php?blx=%24bmVpbC5hY2tlcm1hbjFAYmVsbC5jYQ%3D%3D Page URL
- https://analuizaborba.com.br/wp-setting/S211eery1865c9y.php?blx=$bmVpbC5hY2tlcm1hbjFAYmVsbC5jYQ==&4629a2ca3b7b71590edc68a5057ef38b4b1c172f9d08f8a44bde0cabb8a6743916976132908339ea131c7d9904dbec14867b58e8dccef58d922fc504f551a54c632a2a21590677805aef262cd9dfe3f3e077bd24dd6fb3f15b0e Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
index.php
analuizaborba.com.br/wp-setting/ |
519 B 914 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
S211eery1865c9y.php
analuizaborba.com.br/wp-setting/ |
18 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bell.css
analuizaborba.com.br/wp-setting/Uyfi9a99a9ui88/ |
808 KB 111 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bell(1).css
analuizaborba.com.br/wp-setting/Uyfi9a99a9ui88/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
registrationFlow-login.css
analuizaborba.com.br/wp-setting/Uyfi9a99a9ui88/ |
32 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-tracker-icon.min.css
analuizaborba.com.br/wp-setting/Uyfi9a99a9ui88/ |
1 KB 744 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-tracker.min.css
analuizaborba.com.br/wp-setting/Uyfi9a99a9ui88/ |
12 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bell(2).css
analuizaborba.com.br/wp-setting/Uyfi9a99a9ui88/ |
244 KB 37 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fonts.css
analuizaborba.com.br/wp-setting/Uyfi9a99a9ui88/ |
2 KB 891 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bell_custom_deprecatedbrowser_new.css
analuizaborba.com.br/wp-setting/Uyfi9a99a9ui88/ |
1 KB 796 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
upds.jpg
analuizaborba.com.br/Styles/images/ |
32 KB 32 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bellslim_regular-webfont.woff2
pfobellweb.hs.llnwd.net/styles/RSX/framework/css/fonts/ |
19 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bellslim_medium-webfont.woff2
pfobellweb.hs.llnwd.net/styles/RSX/framework/css/fonts/ |
19 KB 20 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bell-icon.woff
pfobellweb.hs.llnwd.net/Styles/BRF2/Master/core/fonts/ |
58 KB 59 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bellslim_semibold-webfont.woff2
pfobellweb.hs.llnwd.net/styles/RSX/framework/css/fonts/ |
19 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BCE-Bell (Telecommunication)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
analuizaborba.com.br/wp-setting | Name: drake Value: dexter |
|
analuizaborba.com.br/ | Name: PHPSESSID Value: 3bcddb0ca516bbf625e8470bed17e896 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
analuizaborba.com.br
pfobellweb.hs.llnwd.net
2606:4700:3037::6815:1a0a
68.142.108.128
053bfcc5e83a414860621f457b4af3dc94a85dc56b7514d7188be47cfa8eca36
29a555b218d67f7d28eacf4f5f2b6d072cda91e5d1bcfa0ea8b72200d9ad018b
3e4d8f00673f6a80b26a8565f9931374e1e9171553b078261a67772af7511629
41407c31a0d44bb952744a390decccd0a4ba5918e4ff89c860f2495d5ee7a7fe
41d5494dc24c7bf70ec0a23e9e96a3cbeb166d4f842c674d93605178ef05acef
494b73af9d809465ca2d26ee422c0793bcc3d68ee047b3b20fb4deddc880d0cf
55b8eb223e37f7bfab42aa9d5144ee52a14df40dd279260bcf7d5b0a68d140a2
58bbb342449d9aa457cbca095e49eb46b01c09e456267c4dbe0e762fb33fd0fe
5dd4f75a33a397e43c440b1d6ffcfda71f004d0a31cc0894b665ac2f0ff2ad6d
721a7bb35cd1aa6b81bbb4e1d197e84003142a72abf045dfe47b29948edc1a79
7c70a0312594726ce839d13a6cca394df912b64b0d1fe1c2fe1858f0597c4245
b00754524869bd430ae18a373883452a633e41736b58188d3109fc6b5f36238f
e21b18ff24dc8add2824db9cf7531061af9c468f33c9aeb632eb6fe8c608e351
e27750bd8f7add80437b9f5a75626739f8342e30fd35dd6ff302d96330b59964
e36f3860d6fe12df58872c55cf1fb78b7a3fe86d9a27591bfda5d8ceb34a31f3