![](/screenshots/c3ff481c-e5d3-4c47-9d43-92b2305c7924.png)
cesseguranca.com.br
Open in
urlscan Pro
15.235.39.189
Malicious Activity!
Public Scan
Submission: On October 26 via api from JP — Scanned from CA
Summary
This is the only time cesseguranca.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: M&T Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
17 | 15.235.39.189 15.235.39.189 | 16276 (OVH) (OVH) | |
2 | 2600:9000:20e... 2600:9000:20ed:e600:a:6cdf:4440:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2600:9000:20e... 2600:9000:20ed:800:1e:54f1:26c0:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2600:9000:20e... 2600:9000:20ed:0:13:ab57:d440:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
24 | 5 |
ASN16276 (OVH, FR)
PTR: ip189.ip-15-235-39.fmhospeda.com.br
cesseguranca.com.br |
ASN16509 (AMAZON-02, US)
1.a79ab95c1589a13f8a4cab612bc71f9f7.com |
ASN16509 (AMAZON-02, US)
1.b406929acabac9b095f124c81bdfcf57f.com |
ASN16509 (AMAZON-02, US)
1.c81358859121583b7adf2ace89cb39f44.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
cesseguranca.com.br
cesseguranca.com.br |
2 MB |
2 |
c81358859121583b7adf2ace89cb39f44.com
1.c81358859121583b7adf2ace89cb39f44.com — Cisco Umbrella Rank: 21968 |
4 KB |
2 |
b406929acabac9b095f124c81bdfcf57f.com
1.b406929acabac9b095f124c81bdfcf57f.com — Cisco Umbrella Rank: 21948 |
4 KB |
2 |
a79ab95c1589a13f8a4cab612bc71f9f7.com
1.a79ab95c1589a13f8a4cab612bc71f9f7.com — Cisco Umbrella Rank: 21978 |
4 KB |
24 | 4 |
Domain | Requested by | |
---|---|---|
17 | cesseguranca.com.br |
cesseguranca.com.br
|
2 | 1.c81358859121583b7adf2ace89cb39f44.com |
cesseguranca.com.br
1.c81358859121583b7adf2ace89cb39f44.com |
2 | 1.b406929acabac9b095f124c81bdfcf57f.com |
cesseguranca.com.br
1.b406929acabac9b095f124c81bdfcf57f.com |
2 | 1.a79ab95c1589a13f8a4cab612bc71f9f7.com |
cesseguranca.com.br
1.a79ab95c1589a13f8a4cab612bc71f9f7.com |
24 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
wearesolidarite.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.a79ab95c1589a13f8a4cab612bc71f9f7.com Sectigo RSA Domain Validation Secure Server CA |
2022-04-04 - 2023-04-04 |
a year | crt.sh |
*.b406929acabac9b095f124c81bdfcf57f.com Sectigo RSA Domain Validation Secure Server CA |
2022-04-06 - 2023-04-07 |
a year | crt.sh |
*.c81358859121583b7adf2ace89cb39f44.com Sectigo RSA Domain Validation Secure Server CA |
2022-04-06 - 2023-04-07 |
a year | crt.sh |
This page contains 4 frames:
Primary Page:
http://cesseguranca.com.br/mantbank/
Frame ID: BCDB7FAD3823F85FEE26CBA1398DD6B1
Requests: 22 HTTP requests in this frame
Frame:
https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: F807AB7B9BD33370EAE81D54DE8C3C8C
Requests: 2 HTTP requests in this frame
Frame:
https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: 9FEAC515978F2D327E3060A8A2A08AD8
Requests: 2 HTTP requests in this frame
Frame:
https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: 3080EE8A4D63F9B5F1217EDB624D270A
Requests: 2 HTTP requests in this frame
51 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Personal
Search URL Search Domain Scan URL
Title: Business
Search URL Search Domain Scan URL
Title: Commercial
Search URL Search Domain Scan URL
Title: People's United
Search URL Search Domain Scan URL
Title: Navigation Menu
Search URL Search Domain Scan URL
Title: Personal
Search URL Search Domain Scan URL
Title: Checking Accounts
Search URL Search Domain Scan URL
Title: Debit Cards
Search URL Search Domain Scan URL
Title: Savings Account & CD Options
Search URL Search Domain Scan URL
Title: Mortgages & Loans
Search URL Search Domain Scan URL
Title: Credit Cards
Search URL Search Domain Scan URL
Title: Insurance
Search URL Search Domain Scan URL
Title: Investments & Retirement
Search URL Search Domain Scan URL
Title: Multicultural Banking
Search URL Search Domain Scan URL
Title: Financial Education Center
Search URL Search Domain Scan URL
Title: Premium Services
Search URL Search Domain Scan URL
Title: Business
Search URL Search Domain Scan URL
Title: Bank
Search URL Search Domain Scan URL
Title: Manage Cash Flow
Search URL Search Domain Scan URL
Title: Online & Mobile Services
Search URL Search Domain Scan URL
Title: Finance
Search URL Search Domain Scan URL
Title: Resources & Insights
Search URL Search Domain Scan URL
Title: Cybersecurity
Search URL Search Domain Scan URL
Title: Commercial
Search URL Search Domain Scan URL
Title: Bank
Search URL Search Domain Scan URL
Title: Finance
Search URL Search Domain Scan URL
Title: Industry Solutions
Search URL Search Domain Scan URL
Title: Insurance
Search URL Search Domain Scan URL
Title: Invest & Grow
Search URL Search Domain Scan URL
Title: Español
Search URL Search Domain Scan URL
Title: Español
Search URL Search Domain Scan URL
Title: Representantes Bancarios Minoristas
Search URL Search Domain Scan URL
Title: Gerentes de Relaciones Bancarias Comerciales
Search URL Search Domain Scan URL
Title: People's United
Search URL Search Domain Scan URL
Title: Personal FAQs
Search URL Search Domain Scan URL
Title: Business Welcome
Search URL Search Domain Scan URL
Title: Business FAQs
Search URL Search Domain Scan URL
Title: Search
Search URL Search Domain Scan URL
Title: Locations
Search URL Search Domain Scan URL
Title: Help Center
Search URL Search Domain Scan URL
Title: Log In
Search URL Search Domain Scan URL
Title: COVID-19 Updates
Search URL Search Domain Scan URL
Title: Mortgage Assistance Programs
Search URL Search Domain Scan URL
Title: F A Qs
Search URL Search Domain Scan URL
Title: Careers
Search URL Search Domain Scan URL
Title: Personal / Business
Search URL Search Domain Scan URL
Title: More Personal & Business Services
Search URL Search Domain Scan URL
Title: More Commercial Services
Search URL Search Domain Scan URL
Title: View All
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
cesseguranca.com.br/mantbank/ |
80 KB 81 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clientlib-base.css
cesseguranca.com.br/mantbank/index_files/ |
426 KB 427 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mtb_app_wbk.js.download
cesseguranca.com.br/mantbank/index_files/ |
242 KB 243 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cdsession.js.download
cesseguranca.com.br/mantbank/index_files/ |
605 KB 605 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vendor.js.download
cesseguranca.com.br/mantbank/index_files/ |
236 KB 237 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
white%20logo.png
cesseguranca.com.br/mantbank/index_files/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
equal-housing-lender-logo.png
cesseguranca.com.br/mantbank/index_files/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fszullhwyai6bvj-desktop-720x816-update.jpeg
cesseguranca.com.br/mantbank/index_files/ |
111 KB 111 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fszullhwyai6bvj.jpeg
cesseguranca.com.br/mantbank/index_files/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mandtbaltoweb-book.woff
cesseguranca.com.br/mantbank/index_files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
3026db81-b86b-482a-80f3-e6140164f995
http://cesseguranca.com.br/ |
165 KB 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mandtbaltoweb-book.woff
cesseguranca.com.br/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
chevron_down.8adc6731.svg
cesseguranca.com.br/mantbank/css/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mandtbaltoweb-light.woff
cesseguranca.com.br/mantbank/index_files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mandtbaltoweb-medium.woff
cesseguranca.com.br/mantbank/index_files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fszullhwyai6bvj-desktop-720x816-update.jpeg
cesseguranca.com.br/mantbank/css/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mandtbaltoweb-light.woff
cesseguranca.com.br/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mandtbaltoweb-medium.woff
cesseguranca.com.br/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
89 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
89 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
89 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
89 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain.html
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/ Frame F807 |
221 B 557 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain.html
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/ Frame 9FEA |
221 B 556 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain.html
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/ Frame 3080 |
221 B 556 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain2.12.0.5273.b96c35cc.min.js
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/ Frame 9FEA |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain2.12.0.5273.b96c35cc.min.js
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/ Frame F807 |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain2.12.0.5273.b96c35cc.min.js
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/ Frame 3080 |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: M&T Bank (Banking)73 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| UIEvent object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation object| cdwpb object| cdApi object| Utils object| customEventsObject object| cookiesUtils object| modalObject object| tealiumUtils function| Hashtable function| startsWith function| DomDataCollection function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| Timer function| getRandomPort object| ProxyCollector function| BlackberryLocationCollector function| detectFields string| SEP string| PAIR string| DEV function| FingerPrint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| post_fingerprints function| add_deviceprint function| form_add_data function| form_add_deviceprint string| HTML5 string| BLACKBERRY string| UNDEFINED string| GEO_LOCATION_DEFAULT_STRUCT object| geoLocator boolean| geoLocatorStatus function| detectDeviceCollectionAPIMode function| init function| startCollection function| stopCollection function| getGeolocationStruct function| HTML5LocationCollector object| UIEventCollector function| InteractionElement function| UIElementList function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| convertTimestampToGMT function| getTimestampInMillis function| debug function| $ function| jQuery function| Cookies function| forceIE89Synchronicity object| lazySizes function| webkitAudioContext function| populateUserId function| cdSession string| style string| d string| t string| m object| s4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cesseguranca.com.br/mantbank | Name: cdSessionId Value: 5ba62c96-8470-4f06-b9f4-a09799f123d5 |
|
.cesseguranca.com.br/ | Name: cdContextId Value: 1 |
|
.cesseguranca.com.br/ | Name: bmuid Value: 1666757400423-3F93385F-B096-4EA2-A92A-DC53FE316BD1 |
|
.cesseguranca.com.br/ | Name: cdSNum Value: 1666757400620-sjn0000140-350da09a-614c-4f4d-8db9-91c84a2360d1 |
15 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
1.a79ab95c1589a13f8a4cab612bc71f9f7.com
1.b406929acabac9b095f124c81bdfcf57f.com
1.c81358859121583b7adf2ace89cb39f44.com
cesseguranca.com.br
15.235.39.189
2600:9000:20ed:0:13:ab57:d440:93a1
2600:9000:20ed:800:1e:54f1:26c0:93a1
2600:9000:20ed:e600:a:6cdf:4440:93a1
0241159456863a6baa0790dfb58ab3c6dd892f080ee2a52259fb101f4c166412
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
25e521f17135f161c1f02f0555af227292ab009967c461380e3135c414f288e6
302462d4283c45e7405dcaf5036c9f1e34982c47baaa0a39c2b45e6cb9a203f4
33d14acacf40372d80e76719ef2003a134c13fdbfd84f5a730b29f16e5d3eb9d
46c43686825a8cb8bf832253977abfb4871e5d9014cb6912e8519c736a6253d3
56a6f99d8872d78782b4ca6da983ed70ea0a41973e604b21a1544c54a23fc427
68d12e8086357835fc398c26ffc15a2ad73d6c1ceb930e545982149af754e652
7433ef23bb48cab684848dd1d65ce9e61a999a059256d867edeb72cebb2c24f0
83b7bc3a6730a7762f5cd69f0a5698beee63eb07a0a66804dc3ed7c21cb51f3a
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
b9b7a642f229db0bbc0a820e1eee063041d03ab631f868e8106c1aa1c4647b75
bf1a1d972a6cf7f401aa7ca54218da815d740a930c0f2294b7f3362c99e32dcf
c5bac5c06dfc6a8b1547af4e6dfa0d784f70db7c92cfe1e97c45e962f0283d0c
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e3600cc522d109bf4d7aeb56960790240e80d9f22f6ae99e9a77d020bdf8f3cd