![](/screenshots/6eda6a64-a78d-4fd6-937e-f4b6eebd407d.png)
estudosdoespirito.org.br
Open in
urlscan Pro
191.252.182.13
Malicious Activity!
Public Scan
Effective URL: https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/main.php
Submission: On June 14 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by R3 on April 22nd 2024. Valid for: 3 months.
This is the only time estudosdoespirito.org.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 217.147.236.155 217.147.236.155 | 20545 (GRENA-AS ...) (GRENA-AS Tbilisi) | |
2 3 | 191.252.182.13 191.252.182.13 | 27715 (Locaweb S...) (Locaweb Servicos de Internet SA) | |
1 | 2 |
ASN20545 (GRENA-AS Tbilisi, Georgia, GE)
PTR: web.uptime.ge
netparts.ge |
ASN27715 (Locaweb Servicos de Internet SA, BR)
PTR: vps28042.publiccloud.com.br
estudosdoespirito.org.br |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
estudosdoespirito.org.br
2 redirects
estudosdoespirito.org.br |
1 MB |
2 |
netparts.ge
2 redirects
netparts.ge |
188 B |
1 | 2 |
Domain | Requested by | |
---|---|---|
3 | estudosdoespirito.org.br | 2 redirects |
2 | netparts.ge | 2 redirects |
1 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
login.ionos.com |
www.ionos.com |
ias.ionos.com |
mail.ionos.com |
dcd.ionos.com |
hidrive.ionos.com |
www.ionos-status.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ead.estudosdoespirito.org.br R3 |
2024-04-22 - 2024-07-21 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/main.php
Frame ID: A3445549F5617AFC1617545B657AC349
Requests: 11 HTTP requests in this frame
Screenshot
![](/screenshots/6eda6a64-a78d-4fd6-937e-f4b6eebd407d.png)
Page Title
Anmeldung - IONOSPage URL History Show full URLs
-
https://netparts.ge/de
HTTP 301
https://netparts.ge/de/ HTTP 302
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/ HTTP 302
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/ HTTP 302
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/main.php Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
Page Statistics
11 Outgoing links
These are links going to different origins than the main page.
Title: Anmeldung
Search URL Search Domain Scan URL
Title: Learn more
Search URL Search Domain Scan URL
Title: Anmeldedaten vergessen?
Search URL Search Domain Scan URL
Title: Werden Sie jetzt Kunde und profitieren Sie von unseren Angeboten.
Search URL Search Domain Scan URL
Title: Webmail
Search URL Search Domain Scan URL
Title: Rechenzentrumsdesigner
Search URL Search Domain Scan URL
Title: HiDrive
Search URL Search Domain Scan URL
Title: Beeinträchtigte Leistung
Search URL Search Domain Scan URL
Title: IONOS Inc.
Search URL Search Domain Scan URL
Title: Datenschutzrichtlinie
Search URL Search Domain Scan URL
Title: T&Cs
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://netparts.ge/de
HTTP 301
https://netparts.ge/de/ HTTP 302
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/ HTTP 302
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/ HTTP 302
https://estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/main.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
1 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
main.php
estudosdoespirito.org.br/moodle/completion/classes/renew/ins/de/gr/ Redirect Chain
|
1 MB 1 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
845 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
920 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
62 KB 62 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
251 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
50 KB 50 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
42 KB 42 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
68 KB 68 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
40 KB 40 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 1&1 Ionos (Telecommunication)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| event object| fence object| sharedStorage function| savepage_ShadowLoader0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
estudosdoespirito.org.br
netparts.ge
191.252.182.13
217.147.236.155
0f1f89f3de13481ab3a2f24d0840323c36e1673bb3d0283d7ec0c63e9560bd71
19010b49450631f7c79930db0987e4dee23f161a5fab2cd7ed84927535776828
209df082d94354998063d5e5613588a07a7652cda292949b05060de1fac6a6a2
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b
35538b399f40d6db114f64b970fb8a612d88d833906f95f4cb8675c0277ecfb3
7043d536f588b8ccb2d6fba13113af4b69fe0c517c7bd885081e62b90d6c1e1f
78957d2db50f27985e0c73c0236d2b4377f53f8c2681c2d00be836b6eb967a4d
82a3b507d88d0bf1ae099818e5e4754081e05a915408c22ec6db3cda9b96afd4
b0390aa3e137e3e49d7d6ed5d86c208fec1dd45ff8a56836c3f86c2e32cd2d7a
d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5
e429904c596758c38b6110935a28e2769b7b5aa73033d8e7c18319cb84c7c461