areticaempresarial.com.br Open in urlscan Pro
173.212.206.123 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://areticaempresarial.com.br/microsoftsharepoint/share.php
Effective URL:
https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1...
Submission: On June 22 via manual (June 22nd 2018, 6:38:50 pm UTC) from US

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 173.212.206.123, located in Germany and belongs to CONTABO, DE. The main domain is areticaempresarial.com.br.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 29th 2018. Valid for: 3 months.

This is the only time areticaempresarial.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sharepoint (Online) Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2 8	173.212.206.123 173.212.206.123	51167 (CONTABO) (CONTABO)
2	2a00:1450:400... 2a00:1450:4001:81f::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
8	3

8 173.212.206.123 (Germany) 2 redirects

ASN51167 (CONTABO, DE)
PTR: ns1.dns-servidor.com

areticaempresarial.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	areticaempresarial.com.br 2 redirects areticaempresarial.com.br	37 KB
2	googleapis.com fonts.googleapis.com	581 B
8	2

	Domain	Requested by
8	areticaempresarial.com.br	2 redirects areticaempresarial.com.br
2	fonts.googleapis.com	areticaempresarial.com.br
8	2

This site contains no links.

Subject Issuer	Validity	Valid
areticaempresarial.com.br cPanel, Inc. Certification Authority	`2018-05-29` - `2018-08-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
Frame ID: F27DC653E2E3B17F898D83A3C17BC0BB
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://areticaempresarial.com.br/microsoftsharepoint/share.php Page URL
https://areticaempresarial.com.br/microsoftoffice/share/share HTTP 301
https://areticaempresarial.com.br/microsoftoffice/share/share/ HTTP 302
https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightas... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

8
Requests

75 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

37 kB
Transfer

50 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://areticaempresarial.com.br/microsoftsharepoint/share.php Page URL
https://areticaempresarial.com.br/microsoftoffice/share/share HTTP 301
https://areticaempresarial.com.br/microsoftoffice/share/share/ HTTP 302
https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 share.php
areticaempresarial.com.br/microsoftsharepoint/ 297 B
394 B 245ms
209ms Document
text/html 173.212.206.123
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://areticaempresarial.com.br/microsoftsharepoint/share.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

173.212.206.123 , Germany, ASN51167 (CONTABO, DE),

Reverse DNS

ns1.dns-servidor.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: areticaempresarial.com.br
:scheme: https
:path: /microsoftsharepoint/share.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: F27DC653E2E3B17F898D83A3C17BC0BB

Response headers

status: 200
server: nginx
date: Fri, 22 Jun 2018 18:38:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache-status: MISS
x-server-powered-by: Engintron
content-encoding: gzip

GET
H2

200

Primary Request kl626bj2og40mz4mgjobd3dj.php Show response
areticaempresarial.com.br/microsoftoffice/share/share/
Redirect Chain

https://areticaempresarial.com.br/microsoftoffice/share/share
https://areticaempresarial.com.br/microsoftoffice/share/share/
https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=

4 KB
2 KB

156ms
155ms

Document
text/html

173.212.206.123
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=

Requested by

Host: areticaempresarial.com.br
URL: https://areticaempresarial.com.br/microsoftsharepoint/share.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

173.212.206.123 , Germany, ASN51167 (CONTABO, DE),

Reverse DNS

ns1.dns-servidor.com

Software

nginx /

Resource Hash

781f0f749aa6a6f10949ee43df023c04bdd82ffa12e07d4c7e035d277508a821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: areticaempresarial.com.br
:scheme: https
:path: /microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://areticaempresarial.com.br/microsoftsharepoint/share.php
accept-encoding: gzip, deflate
cookie: PHPSESSID=7j1089pge6p8oo1bsicd0e3nu5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: F27DC653E2E3B17F898D83A3C17BC0BB
Referer: https://areticaempresarial.com.br/microsoftsharepoint/share.php

Response headers

status: 200
server: nginx
date: Fri, 22 Jun 2018 18:38:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache-status: MISS
x-server-powered-by: Engintron
content-encoding: gzip

Redirect headers

status: 302
server: nginx
date: Fri, 22 Jun 2018 18:38:40 GMT
content-type: text/html; charset=UTF-8
location: kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=7j1089pge6p8oo1bsicd0e3nu5; path=/
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache-status: MISS
x-server-powered-by: Engintron

GET
S 200 css
fonts.googleapis.com/ 248 B
302 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:81f::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:600

Requested by

Host: areticaempresarial.com.br
URL: https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=

Protocol

SPDY

Server

2a00:1450:4001:81f::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

c69b643bfb59a8fe50fb6be4c137fa989bef78041cc3e363c0ec5ddd398a38fc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 22 Jun 2018 18:38:40 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection: 1; mode=block
expires: Fri, 22 Jun 2018 18:38:40 GMT

GET
H2 200 share-point.css
areticaempresarial.com.br/microsoftoffice/share/share/css/ 15 KB
6 KB 40ms
40ms Stylesheet
text/css 173.212.206.123
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://areticaempresarial.com.br/microsoftoffice/share/share/css/share-point.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

173.212.206.123 , Germany, ASN51167 (CONTABO, DE),

Reverse DNS

ns1.dns-servidor.com

Software

nginx /

Resource Hash

2ee69aef3afb10b368bde9fea7e97cc75c030c890e3d2b8dc4ad19d498234dbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /microsoftoffice/share/share/css/share-point.css
pragma: no-cache
cookie: PHPSESSID=7j1089pge6p8oo1bsicd0e3nu5
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: areticaempresarial.com.br
referer: https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
:scheme: https
:method: GET
Referer: https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma: public
date: Fri, 22 Jun 2018 18:38:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 31 Dec 2017 23:22:34 GMT
server: nginx
vary: Accept-Encoding
x-nginx-cache-status: REVALIDATED
status: 200
cache-control: max-age=2592000
x-server-powered-by: Engintron
content-type: text/css
x-xss-protection: 1; mode=block
expires: Sun, 22 Jul 2018 18:38:40 GMT

GET
H2 200 logo.png
areticaempresarial.com.br/microsoftoffice/share/share/img/ 3 KB
4 KB 39ms
39ms Image
image/png 173.212.206.123
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://areticaempresarial.com.br/microsoftoffice/share/share/img/logo.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

173.212.206.123 , Germany, ASN51167 (CONTABO, DE),

Reverse DNS

ns1.dns-servidor.com

Software

nginx /

Resource Hash

825de044d5ac6442a094ff95099f9f67e9249a8110a2fbd57128285776632adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /microsoftoffice/share/share/img/logo.png
pragma: no-cache
cookie: PHPSESSID=7j1089pge6p8oo1bsicd0e3nu5
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: areticaempresarial.com.br
referer: https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
:scheme: https
:method: GET
Referer: https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma: public
date: Fri, 22 Jun 2018 18:38:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 31 Dec 2017 16:39:06 GMT
server: nginx
x-nginx-cache-status: REVALIDATED
status: 200
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-type: image/png
content-length: 3331
x-xss-protection: 1; mode=block
expires: Tue, 21 Aug 2018 18:38:40 GMT

GET
H2 200 pdf.png
areticaempresarial.com.br/microsoftoffice/share/share/img/ 7 KB
7 KB 39ms
39ms Image
image/png 173.212.206.123
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://areticaempresarial.com.br/microsoftoffice/share/share/img/pdf.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

173.212.206.123 , Germany, ASN51167 (CONTABO, DE),

Reverse DNS

ns1.dns-servidor.com

Software

nginx /

Resource Hash

db307fcef7f95139689007d7a623b340ec21282bd421c4e4b2ba09078f230545

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /microsoftoffice/share/share/img/pdf.png
pragma: no-cache
cookie: PHPSESSID=7j1089pge6p8oo1bsicd0e3nu5
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: areticaempresarial.com.br
referer: https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
:scheme: https
:method: GET
Referer: https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma: public
date: Fri, 22 Jun 2018 18:38:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 31 Dec 2017 17:33:24 GMT
server: nginx
x-nginx-cache-status: REVALIDATED
status: 200
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-type: image/png
content-length: 6830
x-xss-protection: 1; mode=block
expires: Tue, 21 Aug 2018 18:38:40 GMT

GET
H2 200 logo_strip0.png
areticaempresarial.com.br/microsoftoffice/share/share/img/ 17 KB
18 KB 38ms
38ms Image
image/png 173.212.206.123
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://areticaempresarial.com.br/microsoftoffice/share/share/img/logo_strip0.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

173.212.206.123 , Germany, ASN51167 (CONTABO, DE),

Reverse DNS

ns1.dns-servidor.com

Software

nginx /

Resource Hash

e540f069bc18cb647fb44e4653ecb1c0bb5f5cad2f1c2374435ac7674ec40bb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /microsoftoffice/share/share/img/logo_strip0.png
pragma: no-cache
cookie: PHPSESSID=7j1089pge6p8oo1bsicd0e3nu5
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: areticaempresarial.com.br
referer: https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
:scheme: https
:method: GET
Referer: https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma: public
date: Fri, 22 Jun 2018 18:38:40 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Apr 2018 07:56:20 GMT
server: nginx
x-nginx-cache-status: REVALIDATED
status: 200
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-type: image/png
content-length: 17696
x-xss-protection: 1; mode=block
expires: Tue, 21 Aug 2018 18:38:40 GMT

GET
S 200 css
fonts.googleapis.com/ 0
279 B 15ms
15ms Other
text/css 2a00:1450:4001:81f::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:600

Requested by

Protocol

SPDY

Server

2a00:1450:4001:81f::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Purpose: prefetch
Referer: https://areticaempresarial.com.br/microsoftoffice/share/share/kl626bj2og40mz4mgjobd3dj.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 22 Jun 2018 18:38:40 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection: 1; mode=block
expires: Fri, 22 Jun 2018 18:38:40 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Origin: https://areticaempresarial.com.br

Response headers

Access-Control-Allow-Origin: *
Content-Type: application/octet-stream

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sharepoint (Online) Microsoft (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			areticaempresarial.com.br/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7j1089pge6p8oo1bsicd0e3nu5

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

areticaempresarial.com.br
fonts.googleapis.com
173.212.206.123
2a00:1450:4001:81f::200a
29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5
2ee69aef3afb10b368bde9fea7e97cc75c030c890e3d2b8dc4ad19d498234dbf
781f0f749aa6a6f10949ee43df023c04bdd82ffa12e07d4c7e035d277508a821
825de044d5ac6442a094ff95099f9f67e9249a8110a2fbd57128285776632adb
c69b643bfb59a8fe50fb6be4c137fa989bef78041cc3e363c0ec5ddd398a38fc
db307fcef7f95139689007d7a623b340ec21282bd421c4e4b2ba09078f230545
e540f069bc18cb647fb44e4653ecb1c0bb5f5cad2f1c2374435ac7674ec40bb4

areticaempresarial.com.br Open in urlscan Pro 173.212.206.123 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

75 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

37 kBTransfer

50 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

areticaempresarial.com.br Open in urlscan Pro
173.212.206.123 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

75 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

37 kB
Transfer

50 kB
Size

1
Cookies

8 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!