estudosdoespirito.org.br Open in urlscan Pro
191.252.182.13 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://netparts.ge/de
Effective URL:
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/main.php
Submission: On June 14 via manual (June 14th 2024, 3:39:11 pm UTC) from DE — Scanned from DE

Summary HTTP 1 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 1 HTTP transactions. The main IP is 191.252.182.13, located in Brazil and belongs to Locaweb Servicos de Internet SA, BR. The main domain is estudosdoespirito.org.br.
TLS certificate: Issued by R3 on April 22nd 2024. Valid for: 3 months.

This is the only time estudosdoespirito.org.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 1&1 Ionos (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
2 2	217.147.236.155 217.147.236.155	20545 (GRENA-AS ...) (GRENA-AS Tbilisi)
2 3	191.252.182.13 191.252.182.13	27715 (Locaweb S...) (Locaweb Servicos de Internet SA)
1	2

2 217.147.236.155 (Tbilisi, Georgia) 2 redirects

ASN20545 (GRENA-AS Tbilisi, Georgia, GE)
PTR: web.uptime.ge

netparts.ge	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 191.252.182.13 (Brazil) 2 redirects

ASN27715 (Locaweb Servicos de Internet SA, BR)
PTR: vps28042.publiccloud.com.br

estudosdoespirito.org.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	estudosdoespirito.org.br 2 redirects estudosdoespirito.org.br	1 MB
2	netparts.ge 2 redirects netparts.ge	188 B
1	2

	Domain	Requested by
3	estudosdoespirito.org.br	2 redirects
2	netparts.ge	2 redirects
1	2

This site contains links to these domains. Also see Links.

Domain
login.ionos.com
www.ionos.com
ias.ionos.com
mail.ionos.com
dcd.ionos.com
hidrive.ionos.com
www.ionos-status.com

Subject Issuer	Validity	Valid
ead.estudosdoespirito.org.br R3	`2024-04-22` - `2024-07-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/main.php
Frame ID: A3445549F5617AFC1617545B657AC349
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmeldung - IONOS

Page URL History Show full URLs

https://netparts.ge/de HTTP 301
https://netparts.ge/de/ HTTP 302
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/ HTTP 302
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/ HTTP 302
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/main.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1538 kB
Transfer

1542 kB
Size

0
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://login.ionos.com/
Title: Anmeldung

Search URL Search Domain Scan URL

URL: https://www.ionos.com/help/security-c85142/browser-security-c85171
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.ionos.com/help/index.php?id=4152
Title: Anmeldedaten vergessen?

Search URL Search Domain Scan URL

URL: https://ias.ionos.com/ias/follow/CLICK?ias_source=ACCOUNT_WEBAPP-US&ias_medium=HOME-login_offerlink&ias_content=LOGIN_OFFERLINK-DEFAULT&ias_campaign=&iasSessionId=ceea3f8b-5d6e-43e4-848a-1cb55f5a8409&target=https%3A%2F%2Fwww.ionos.com%2F%3Fac%3DOM.US.US263K413861T7073a
Title: Werden Sie jetzt Kunde und profitieren Sie von unseren Angeboten.

Search URL Search Domain Scan URL

URL: https://mail.ionos.com/
Title: Webmail

Search URL Search Domain Scan URL

URL: https://dcd.ionos.com/latest?regDomain=ionos.com
Title: Rechenzentrumsdesigner

Search URL Search Domain Scan URL

URL: https://hidrive.ionos.com/
Title: HiDrive

Search URL Search Domain Scan URL

URL: https://www.ionos-status.com/?utm_medium=footer&utm_content=minor&utm_source=CENTRAL_LOGIN&utm_campaign=HOME&utm_term=no_search
Title: Beeinträchtigte Leistung

Search URL Search Domain Scan URL

URL: https://www.ionos.com/about
Title: IONOS Inc.

Search URL Search Domain Scan URL

URL: https://www.ionos.com/terms-gtc/terms-privacy
Title: Datenschutzrichtlinie

Search URL Search Domain Scan URL

URL: https://www.ionos.com/terms-gtc
Title: T&Cs

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://netparts.ge/de HTTP 301
https://netparts.ge/de/ HTTP 302
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/ HTTP 302
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/ HTTP 302
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/main.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
10 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request main.php Show response estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/ Redirect Chain https://netparts.ge/de https://netparts.ge/de/ https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/ https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/ https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/main.php	1 MB 1 MB	3693ms 3693ms	Document text/html	191.252.182.13 Locaweb Servicos ...
General Check archive.org Show headers Download Go to Full URL https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/main.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 191.252.182.13 , Brazil, ASN27715 (Locaweb Servicos de Internet SA, BR), Reverse DNS vps28042.publiccloud.com.br Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/8.0.30 / PHP/8.0.30 Resource Hash `19010b49450631f7c79930db0987e4dee23f161a5fab2cd7ed84927535776828` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Fri, 14 Jun 2024 15:35:34 GMT Keep-Alive timeout=5, max=98 Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/8.0.30 Transfer-Encoding chunked X-Powered-By PHP/8.0.30 Redirect headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Fri, 14 Jun 2024 15:35:34 GMT Keep-Alive timeout=5, max=99 Location ./main.php Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/8.0.30 X-Powered-By PHP/8.0.30
GET DATA	200 OK	truncated /	845 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `78957d2db50f27985e0c73c0236d2b4377f53f8c2681c2d00be836b6eb967a4d` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0f1f89f3de13481ab3a2f24d0840323c36e1673bb3d0283d7ec0c63e9560bd71` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `209df082d94354998063d5e5613588a07a7652cda292949b05060de1fac6a6a2` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	920 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7043d536f588b8ccb2d6fba13113af4b69fe0c517c7bd885081e62b90d6c1e1f` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	62 KB 62 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b` Request headers Referer Origin https://estudosdoespirito.org.br Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	251 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e429904c596758c38b6110935a28e2769b7b5aa73033d8e7c18319cb84c7c461` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	50 KB 50 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `35538b399f40d6db114f64b970fb8a612d88d833906f95f4cb8675c0277ecfb3` Request headers Referer Origin https://estudosdoespirito.org.br Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	42 KB 42 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5` Request headers Referer Origin https://estudosdoespirito.org.br Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	68 KB 68 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b0390aa3e137e3e49d7d6ed5d86c208fec1dd45ff8a56836c3f86c2e32cd2d7a` Request headers Referer Origin https://estudosdoespirito.org.br Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	40 KB 40 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `82a3b507d88d0bf1ae099818e5e4754081e05a915408c22ec6db3cda9b96afd4` Request headers Referer Origin https://estudosdoespirito.org.br Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: 1&1 Ionos (Telecommunication)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage function| savepage_ShadowLoader

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/main.php Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

estudosdoespirito.org.br
netparts.ge
191.252.182.13
217.147.236.155
0f1f89f3de13481ab3a2f24d0840323c36e1673bb3d0283d7ec0c63e9560bd71
19010b49450631f7c79930db0987e4dee23f161a5fab2cd7ed84927535776828
209df082d94354998063d5e5613588a07a7652cda292949b05060de1fac6a6a2
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b
35538b399f40d6db114f64b970fb8a612d88d833906f95f4cb8675c0277ecfb3
7043d536f588b8ccb2d6fba13113af4b69fe0c517c7bd885081e62b90d6c1e1f
78957d2db50f27985e0c73c0236d2b4377f53f8c2681c2d00be836b6eb967a4d
82a3b507d88d0bf1ae099818e5e4754081e05a915408c22ec6db3cda9b96afd4
b0390aa3e137e3e49d7d6ed5d86c208fec1dd45ff8a56836c3f86c2e32cd2d7a
d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5
e429904c596758c38b6110935a28e2769b7b5aa73033d8e7c18319cb84c7c461

estudosdoespirito.org.br Open in urlscan Pro 191.252.182.13 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

1538 kBTransfer

1542 kBSize

0 Cookies

11 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

estudosdoespirito.org.br Open in urlscan Pro
191.252.182.13 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1538 kB
Transfer

1542 kB
Size

0
Cookies

1 HTTP transactions
10 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!