Attack e-mail: engagementY2VqdmhzVVVTeFB5MUlPYXl1ckZTdz09@beeviral-mail1.com.br
indique@beeviral-mail1.com.br
Phishing link: https://u27112597.ct.sendgrid.net/ls/click?upn=u001.o3NbMlaZb9gxKeA2wq0DnFNDGMsLOofqA-2Fvzgw0VZQcMdxrueLd-2BAeU6-2BZxyglalPRyuONgwLO3O6Mf9Nh59pUONU9gUF0TqZwMQeKbTCMOarjZPsTIQprMK1oTiC9ZMJFERzXUI7krt7st68Iz5o2dZK7WC5q2vnBG1YLL9TBLekH6r7TO-2Fr-2BDp7PcJ4RhATa-2BpaAvU-2FJqMt-2BmF2EkSrwSitAHPiENcptrbpf74n-2F8-3DTU8m_Od-2B-2FOH59clLKCpt2gRyyuPmE8SZg-2B2YXU-2BTpfDSHijKuTiK-2B17-2F8zz8xhc6gRBlru9Dn4664-2F7Xx0PsViJi-2FvTMewDQZ7OTS6gJp17AlzQJh4inrFm-2BnusEuLjDB1OidQw71FQ-2FQn-2F90tjFkvSx0cueupMk4K87-2Fb5a4aN0k7GGS03Y-2B8bYDZeko3-2FGKypfYrXYw-2BfsfwaRaBudpxg-2BBamPwkjB8d87CN5Uq8RM92-2Fhyevoj1j-2BUlMVrXkdmXlQiLRcTv73Edfn005Fcq47VBw-3D-3D
Phishing structure:
Server: nginx
Date: Fri, 01 May 2026 15:30:34 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Location: https://account.beeviral.app/App/MinhasIndicacoes?bvid=kOLjf57T4iB2xU6DLLRZtCgMF546NS*ZvK1IFmnD0NI=&utm_campaign=website&utm_medium=email&utm_source=sendgrid.com
X-Robots-Tag: noindex, nofollow
HTTP/2 200
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 21153
content-type: text/html; charset=utf-8
expires: -1
p3p: CP="ALL IDC IND NOR PDSa PSAa PHY ONL CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
x-frame-options: SAMEORIGIN
set-cookie: version=2.0.0.76; expires=Thu, 01-May-2031 15:30:35 GMT; path=/; secure; HttpOnly; SameSite=none; Secure
set-cookie: __RequestVerificationToken=4891CHia0gyEAQ7wDxWbJ84y0PvguTq1iXQd7CDj6z0-QmnMt0vwrzcsZC922VXzSNl6rYgYXXVjQfjUbX-n8dPuvONbUStVi7cPDrx-g2Y1; path=/; secure; HttpOnly; SameSite=none; Secure
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
content-security-policy: worker-src 'self' blob:;child-src 'self' *.carsystem.com *.beeviral.app *.beeviral.com.br *.facebook.com *.facebook.net *.googletagmanager.com *.firebaseapp.com *.gstatic.com *.google.com *.digisac.app https://minhasindicacoes.com https://minhasindicacoes.beeviral.com.br https://minhasindicacoes-uat.beeviral.com.br https://apph.carsystem.com; frame-src * 'self' *.carsystem.com *.gstatic.com *.google.com *.beeviral.app *.beeviral.com.br *.digisac.app https://minhasindicacoes.com https://minhasindicacoes.beeviral.com.br https://minhasindicacoes-uat.beeviral.com.br https://www.beeviral.com.br https://apph.carsystem.com; frame-ancestors 'self' * *.carsystem.com *.gstatic.com *.google.com *.digisac.app https://minhasindicacoes.com https://minhasindicacoes.beeviral.com.br https://minhasindicacoes-uat.beeviral.com.br https://editor.unlayer.com https://account.beeviral.app https://*.beeviral.app https://*.beeviral.com.br https://www.beeviral.com.br https://bi.beeviral.com.br https://apph.carsystem.com X-Frame-Options: SAMEORIGIN
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=31536000; includeSubDomains
feature-policy: accelerometer 'none'; gyroscope 'none'; magnetometer 'none'; usb 'none'
permissions-policy: clipboard-write=(self), geolocation=(self), fullscreen=(self), payment=(self), bluetooth=(), web-share=(self)
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Fri, 01 May 2026 15:30:34 GMT
Target: E-mail servers of students and staff of the Cruzeiro do Sul college.
Description: I identified anomalous e-mail blasting activity (spam) hitting the institution's servers.
Technical evidence:
Origin: Domain beeviral-mail1.com.br (registered by Ascent Serviços LTDA, CNPJ 04.495.203/0001-57).
Sending server: Microsoft/Outlook (MX: mail.protection.outlook.com).
Behavior: The domain has no record pointing to a website (A record), serving only as sending infrastructure.
domain: beeviral-mail1.com.br
owner: Ascent Servicos LTDA
ownerid: 04.495.203/0001-57
responsible: Marcelo Pereira Silva
country: BR
owner-c: ASSLT32
tech-c: ASSLT32
nserver: d.sec.dns.br
nsstat: 20260430 AA
nslastaa: 20260430
nserver: e.sec.dns.br
nsstat: 20260430 AA
nslastaa: 20260430
dsrecord: 41525 ECDSA-SHA-256 1319FFD537BB873E6D484C623E61426E3C6051B9907CFE353F2CBC690E2D8501
dsstatus: 20260430 DSOK
dslastok: 20260430
saci: yes
created: 20210521 #22887254
changed: 20250523
expires: 20260521
status: published
nic-hdl-br: ASSLT32
person: ASCENT Serviços Ltda
e-mail: registrobr@ascentservicos.com.br
country: BR
created: 20130605
changed: 20170626
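
Added example (not part of the original report): a small triage helper for a pasted header capture laid out like the one above, where the redirect response has no status line and the landing response starts at "HTTP/2 200". It lists the hosts in the redirect chain, checks whether the landing host sits under the sender's domain, and flags headers sent twice with different values. The function names, the shortened click URL and the SAMPLE text are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: shortened copy of the capture layout in this report.
# The first response has no status line; the second starts at "HTTP/2 200".
SAMPLE = """\
Server: nginx
Location: https://account.beeviral.app/App/MinhasIndicacoes?utm_source=sendgrid.com
X-Robots-Tag: noindex, nofollow
HTTP/2 200
x-frame-options: SAMEORIGIN
set-cookie: version=2.0.0.76; path=/
set-cookie: token=constructed; path=/
x-frame-options: DENY
"""

def split_responses(dump):
    """Split a pasted header capture into one record per HTTP response."""
    responses, current = [], {"status": None, "headers": {}}
    for raw in dump.splitlines():
        line = raw.strip()
        if line.upper().startswith("HTTP/"):      # status line opens a new response
            if current["status"] or current["headers"]:
                responses.append(current)
            current = {"status": line, "headers": {}}
            continue
        name, sep, value = line.partition(":")
        if sep and name.strip():                   # ignore blank or malformed lines
            current["headers"].setdefault(name.strip().lower(), []).append(value.strip())
    if current["status"] or current["headers"]:
        responses.append(current)
    return responses

def triage(dump, sender_domain, clicked_url):
    """Report hosts in the redirect chain and headers sent with conflicting values."""
    responses = split_responses(dump)
    hosts = [urlsplit(clicked_url).hostname]
    conflicts = []
    for index, resp in enumerate(responses):
        hosts += [urlsplit(loc).hostname for loc in resp["headers"].get("location", [])]
        for name, values in resp["headers"].items():
            # set-cookie legitimately repeats; other repeated headers should agree
            if name != "set-cookie" and len(set(values)) > 1:
                conflicts.append((index, name, values))
    landing = hosts[-1] or ""
    same_site = landing == sender_domain or landing.endswith("." + sender_domain)
    return {"hosts": hosts, "landing_under_sender_domain": same_site, "conflicts": conflicts}

if __name__ == "__main__":
    print(triage(SAMPLE, "beeviral-mail1.com.br",
                 "https://u27112597.ct.sendgrid.net/ls/click"))
```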