docesantoantonio.com.br
Open in
urlscan Pro
2606:4700:3036::6815:3999
Malicious Activity!
Public Scan
Submission: On May 13 via automatic, source openphish
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 25th 2020. Valid for: a year.
This is the only time docesantoantonio.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Postmaster (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 4 | 2606:4700:303... 2606:4700:3036::6815:3999 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
docesantoantonio.com.br
1 redirects
docesantoantonio.com.br |
49 KB |
3 | 1 |
Domain | Requested by | |
---|---|---|
4 | docesantoantonio.com.br |
1 redirects
docesantoantonio.com.br
|
3 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-11-25 - 2021-11-24 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://docesantoantonio.com.br/xxe/china/
Frame ID: 6D12651060B1A03617CE069792C53ED2
Requests: 3 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://docesantoantonio.com.br/xxe/china
HTTP 301
https://docesantoantonio.com.br/xxe/china/ Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://docesantoantonio.com.br/xxe/china
HTTP 301
https://docesantoantonio.com.br/xxe/china/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3-29 |
Primary Request
/
docesantoantonio.com.br/xxe/china/ Redirect Chain
|
4 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
postmaster.png
docesantoantonio.com.br/xxe/china/hellion/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
logos.png
docesantoantonio.com.br/xxe/china/hellion/ |
41 KB 41 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Postmaster (Online)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
docesantoantonio.com.br
2606:4700:3036::6815:3999
59d7f74e29500e39832625a29b47a6d709703193ca0ad5c537118ae8712a8ac4
712e1c53d44830c025ba658cc1d1ffaaaa68733fd885b41db39c4f0e3af9fb8c
9241453e99644ed913735907d62b2ce5c6ef51c18f0780e95857fc345ba511d3