www.stm.com.br
191.6.209.19
Malicious Activity!
Public Scan
Effective URL: http://www.stm.com.br/swiss/page.php
Submission Tags: 7507131
Submission: On May 05 via api from US — Scanned from DE
Summary
This is the only time www.stm.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 13 | 191.6.209.19 | 28299 (IPV6 Internet Ltda) | |
12 | 2 |
ASN28299 (IPV6 Internet Ltda, BR)
PTR: varnish-farm1.kinghost.net
www.stm.com.br |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
stm.com.br
2 redirects
www.stm.com.br |
1 MB |
12 | 1 |
Domain | Requested by | |
---|---|---|
13 | www.stm.com.br |
2 redirects
www.stm.com.br
|
12 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://www.stm.com.br/swiss/page.php
Frame ID: F4A32BBD9175E113612D990FB63D77B2
Requests: 12 HTTP requests in this frame
Page URL History
- https://www.stm.com.br/swiss HTTP 301
- http://www.stm.com.br/swiss/ HTTP 302
- http://www.stm.com.br/swiss/page.php Page URL
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI (JavaScript Libraries)
Detected patterns
- jquery-ui[.-]([\d.]*\d)[^/]*\.js
- jquery-ui.*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- http://www.stm.com.br/swiss/assets/js/jquery-1_002.js HTTP 301
- https://www.stm.com.br/swiss/assets/js/jquery-1_002.js
12 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | page.php (Primary Request, Redirect Chain) | www.stm.com.br/swiss/ | 28 KB | 7 KB | Document | text/html |
GET H/1.1 | typeKit.js | www.stm.com.br/swiss/assets/js/ | 18 KB | 18 KB | Script | application/javascript |
GET H/1.1 | bootstrap.css | www.stm.com.br/swiss/assets/css/ | 149 KB | 149 KB | Stylesheet | text/css |
GET H/1.1 | main.css | www.stm.com.br/swiss/assets/css/ | 22 KB | 22 KB | Stylesheet | text/css |
GET H/1.1 | jquery-1.js | www.stm.com.br/swiss/assets/js/ | 242 KB | 243 KB | Script | application/javascript |
GET | jquery-1_002.js (Redirect Chain) | www.stm.com.br/swiss/assets/js/ | 0 | 0 | | |
GET H/1.1 | jquery-ui-1.js | www.stm.com.br/swiss/assets/js/ | 206 KB | 206 KB | Script | application/javascript |
GET H/1.1 | WebResource.js | www.stm.com.br/swiss/assets/js/ | 20 KB | 21 KB | Script | application/javascript |
GET H/1.1 | ScriptResource_002.js | www.stm.com.br/swiss/assets/js/ | 349 KB | 350 KB | Script | application/javascript |
GET H/1.1 | ScriptResource.js | www.stm.com.br/swiss/assets/js/ | 93 KB | 94 KB | Script | application/javascript |
GET H/1.1 | ogilvy-logos.svg | www.stm.com.br/swiss/assets/images/ | 3 KB | 4 KB | Image | image/svg+xml |
GET H/1.1 | ogilvy-iconoTarjeta.png | www.stm.com.br/swiss/assets/images/ | 1 KB | 1 KB | Image | image/png |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: www.stm.com.br
- URL: https://www.stm.com.br/swiss/assets/js/jquery-1_002.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| Typekit
- function| $
- function| jQuery
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.stm.com.br
191.6.209.19