![](/screenshots/f087c737-be11-4878-8b65-787b20801414.png)
fabianotavora.com.br
192.185.212.34
Malicious Activity!
Public Scan
Effective URL: https://fabianotavora.com.br/driveoneline-login-info-onedrive-payment.aspx/onedrivenew/
Submission: On February 14 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on January 14th 2022. Valid for: 3 months.
This is the only time fabianotavora.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 45.126.58.78 | 132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia) |
| 1 | 193.19.176.8 | 44770 (SAVVY-AS www.savvy.cz) |
| 1 | 192.185.212.34 | 46606 (UNIFIEDLAYER-AS-1) |
| 7 | 2a00:1450:4001:810::200a | 15169 (GOOGLE) |
| 9 | 3 | |
- ASN132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia, ID): s.id
- ASN44770 (SAVVY-AS www.savvy.cz, CZ), PTR: jupiter.savvy.cz: marekholecek.cz
- ASN46606 (UNIFIEDLAYER-AS-1, US), PTR: br44-ip18.hostgator.com.br: fabianotavora.com.br
- ASN15169 (GOOGLE, US): firebasestorage.googleapis.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 | googleapis.com | firebasestorage.googleapis.com (Cisco Umbrella Rank: 6264) | 87 KB |
| 1 | fabianotavora.com.br | fabianotavora.com.br | 2 KB |
| 1 | marekholecek.cz | marekholecek.cz | 491 B |
| 1 | s.id | s.id (Cisco Umbrella Rank: 204415), 1 redirect | 143 B |
| 9 | 4 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 7 | firebasestorage.googleapis.com | fabianotavora.com.br |
| 1 | fabianotavora.com.br | |
| 1 | marekholecek.cz | |
| 1 | s.id | 1 redirect |
| 9 | 4 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| marekholecek.cz | R3 | 2022-01-14 - 2022-04-14 | 3 months | crt.sh |
| www.jrfactoring.bitart.com.br | R3 | 2022-01-14 - 2022-04-14 | 3 months | crt.sh |
| upload.video.google.com | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://fabianotavora.com.br/driveoneline-login-info-onedrive-payment.aspx/onedrivenew/
Frame ID: 11389335540406E68544BFA8729FB6E0
Requests: 9 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://s.id/WNLc (HTTP 301) -> https://marekholecek.cz/www/admin/xxx.html (Page URL)
- https://fabianotavora.com.br/driveoneline-login-info-onedrive-payment.aspx/onedrivenew/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://s.id/WNLc (HTTP 301)
- https://marekholecek.cz/www/admin/xxx.html
9 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | xxx.html | marekholecek.cz/www/admin/ (Redirect Chain) | 172 B | 491 B | Document | text/html |
| GET | H2 | / | fabianotavora.com.br/driveoneline-login-info-onedrive-payment.aspx/onedrivenew/ (Primary Request) | 5 KB | 2 KB | Document | text/html |
| GET | H2 | one.png | firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ | 22 KB | 23 KB | Image | image/png |
| GET | H2 | b.jpg | firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ | 59 KB | 59 KB | Image | image/jpeg |
| GET | H2 | of.png | firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ | 457 B | 774 B | Image | image/png |
| GET | H2 | ot.png | firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ | 361 B | 1 KB | Image | image/png |
| GET | H2 | ao.png | firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ | 427 B | 721 B | Image | image/png |
| GET | H2 | ya.png | firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ | 1 KB | 2 KB | Image | image/png |
| GET | H2 | an.png | firebasestorage.googleapis.com/v0/b/one0drive.appspot.com/o/ | 494 B | 788 B | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| function | structuredClone |
| function | an |
| function | of |
| function | ou |
| function | ao |
| function | ya |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.