sibaconsultores.com Open in urlscan Pro
162.214.75.94  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request homes.html Show response sibaconsultores.com/	10 KB 10 KB	789ms 116ms	Document text/html	162.214.75.94 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL http://sibaconsultores.com/homes.html Protocol HTTP/1.1 Server 162.214.75.94 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS dedi-194041.virtualeduca.mx Software Apache / Resource Hash 64a37e30d7b0f4bad7d92aed87aa29a7e26ae0ab24d10ad2a0b128d6af5dd36e Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 9803 Content-Type text/html Date Sun, 28 Jan 2024 05:12:43 GMT Keep-Alive timeout=5, max=100 Last-Modified Sun, 10 Sep 2023 03:29:13 GMT Server Apache
GET H2	200	detector.min.js Show response www.arcgis.com/sharing/files/scripts/	619 B 568 B	374ms 127ms	Script text/javascript	18.234.22.29 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://www.arcgis.com/sharing/files/scripts/detector.min.js?v=1AD4178 Requested by Host: sibaconsultores.com URL: http://sibaconsultores.com/homes.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.234.22.29 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-234-22-29.compute-1.amazonaws.com Software / Resource Hash 7a61390da2f1200faa43b5296291e4035a110e4f3d7057c9f3bdfec834826794 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-US,en;q=0.9 Referer http://sibaconsultores.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Sun, 28 Jan 2024 05:12:43 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip x-frame-options SAMEORIGIN vary Origin, Accept-Encoding content-type text/javascript cache-control max-age=86400 x-xss-protection 1; mode=block
GET H2	200	site.min.css www.arcgis.com/sharing/files/css/	70 KB 14 KB	359ms 112ms	Stylesheet text/css	18.234.22.29 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://www.arcgis.com/sharing/files/css/site.min.css?v=1AD4178 Requested by Host: sibaconsultores.com URL: http://sibaconsultores.com/homes.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.234.22.29 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-234-22-29.compute-1.amazonaws.com Software / Resource Hash 04cd25bf99a2ba70bda5fbe43bf00f88f36f7b25e6bf803ee6ed6bb4cf4d8015 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-US,en;q=0.9 Referer http://sibaconsultores.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Sun, 28 Jan 2024 05:12:43 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip x-frame-options SAMEORIGIN vary Origin, Accept-Encoding content-type text/css cache-control max-age=86400 x-xss-protection 1; mode=block
GET H2	200	theme.min.js Show response www.arcgis.com/sharing/files/scripts/	646 B 609 B	316ms 69ms	Script text/javascript	18.234.22.29 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://www.arcgis.com/sharing/files/scripts/theme.min.js?v=1AD4178 Requested by Host: sibaconsultores.com URL: http://sibaconsultores.com/homes.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.234.22.29 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-234-22-29.compute-1.amazonaws.com Software / Resource Hash 9ebd1cdc26228ca1a58bb49293a992641557dbb1d130d5b6f8f77672e038a6a3 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-US,en;q=0.9 Referer http://sibaconsultores.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Sun, 28 Jan 2024 05:12:43 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip x-frame-options SAMEORIGIN vary Origin, Accept-Encoding content-type text/javascript cache-control max-age=86400 x-xss-protection 1; mode=block
GET H2	200	site-dark.min.css www.arcgis.com/sharing/files/css/	4 KB 1 KB	314ms 68ms	Stylesheet text/css	18.234.22.29 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://www.arcgis.com/sharing/files/css/site-dark.min.css Requested by Host: sibaconsultores.com URL: http://sibaconsultores.com/homes.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.234.22.29 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-234-22-29.compute-1.amazonaws.com Software / Resource Hash b666dbedda604a0fc2e14737568278b5adb7414a4799a090be0293c761a9a642 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-US,en;q=0.9 Referer http://sibaconsultores.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Sun, 28 Jan 2024 05:12:43 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip x-frame-options SAMEORIGIN vary Origin, Accept-Encoding content-type text/css cache-control max-age=86400 x-xss-protection 1; mode=block
GET H2	200	oauth2.js Show response www.arcgis.com/sharing/files/scripts/	370 KB 89 KB	313ms 66ms	Script text/javascript	18.234.22.29 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://www.arcgis.com/sharing/files/scripts/oauth2.js?v=1AD4178 Requested by Host: sibaconsultores.com URL: http://sibaconsultores.com/homes.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.234.22.29 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-234-22-29.compute-1.amazonaws.com Software / Resource Hash b75ef05280e1f739a55cf51261b02bee9c9e63f215bd0b69eafb63465edb0a21 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-US,en;q=0.9 Referer http://sibaconsultores.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Sun, 28 Jan 2024 05:12:43 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip x-frame-options SAMEORIGIN vary Origin, Accept-Encoding content-type text/javascript cache-control max-age=86400 x-xss-protection 1; mode=block
GET H2	200	domReady.js Show response www.arcgis.com/sharing/files/scripts/	4 KB 2 KB	68ms 68ms	Script text/javascript	18.234.22.29 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://www.arcgis.com/sharing/files/scripts/domReady.js Requested by Host: sibaconsultores.com URL: http://sibaconsultores.com/homes.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.234.22.29 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-234-22-29.compute-1.amazonaws.com Software / Resource Hash ed19e71532c13c0af247a2d62b1af56e459639ced8953e9ac8ae776aced92afc Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-US,en;q=0.9 Referer http://sibaconsultores.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Sun, 28 Jan 2024 05:12:43 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip x-frame-options SAMEORIGIN vary Origin, Accept-Encoding content-type text/javascript cache-control max-age=86400 x-xss-protection 1; mode=block
GET H2	200	microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg aadcdn.msftauth.net/shared/1.0/content/images/	4 KB 2 KB	282ms 36ms	Image image/svg+xml	2606:2800:21f:1b88:6342:f8de:86c:e98b EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg Requested by Host: sibaconsultores.com URL: http://sibaconsultores.com/homes.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:21f:1b88:6342:f8de:86c:e98b , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (mib/5BDA) / Resource Hash 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a Request headers accept-language en-US,en;q=0.9 Referer http://sibaconsultores.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sun, 28 Jan 2024 05:12:43 GMT content-encoding gzip content-md5 nzaLxFgP7ZB3dfMcaybWzw== age 19400811 x-cache HIT content-length 1435 x-ms-lease-status unlocked last-modified Wed, 24 May 2023 10:11:48 GMT server ECAcc (mib/5BDA) etag 0x8DB5C3F495F4B8C vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 7548e406-301e-0077-5135-a1fb92000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H/1.1	200 OK	site-light.min.css sibaconsultores.com/sharing/files/css/	2 B 207 B	488ms 487ms	Stylesheet text/html	162.214.75.94 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL http://sibaconsultores.com/sharing/files/css/site-light.min.css Requested by Host: www.arcgis.com URL: https://www.arcgis.com/sharing/files/scripts/theme.min.js?v=1AD4178 Protocol HTTP/1.1 Server 162.214.75.94 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS dedi-194041.virtualeduca.mx Software Apache / Resource Hash 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070 Request headers accept-language en-US,en;q=0.9 Referer http://sibaconsultores.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers Date Sun, 28 Jan 2024 05:12:43 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H2	200	09ab0626-bb45-4650-acc8-0182d693df02.woff2 www.arcgis.com/sharing/files/css/fonts/	15 KB 15 KB	183ms 66ms	Font application/octet-stream	18.234.22.29 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://www.arcgis.com/sharing/files/css/fonts/09ab0626-bb45-4650-acc8-0182d693df02.woff2 Requested by Host: www.arcgis.com URL: https://www.arcgis.com/sharing/files/css/site.min.css?v=1AD4178 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.234.22.29 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-234-22-29.compute-1.amazonaws.com Software / Resource Hash d90cb22909a17a90f7957047526e960670dd1edb89492e57c8fccfa1fea59313 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.arcgis.com/sharing/files/css/site.min.css?v=1AD4178 Origin http://sibaconsultores.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Sun, 28 Jan 2024 05:12:44 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip x-frame-options SAMEORIGIN vary Origin, Accept-Encoding content-type application/octet-stream access-control-allow-origin http://sibaconsultores.com cache-control max-age=86400 access-control-allow-credentials true x-xss-protection 1; mode=block
GET H/1.1	200 OK	domReady.js Show response sibaconsultores.com/sharing/files/scripts/	2 B 208 B	601ms 491ms	Script text/html	162.214.75.94 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL http://sibaconsultores.com/sharing/files/scripts/domReady.js Requested by Host: www.arcgis.com URL: https://www.arcgis.com/sharing/files/scripts/oauth2.js?v=1AD4178 Protocol HTTP/1.1 Server 162.214.75.94 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS dedi-194041.virtualeduca.mx Software Apache / Resource Hash 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070 Request headers accept-language en-US,en;q=0.9 Referer http://sibaconsultores.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers Date Sun, 28 Jan 2024 05:12:43 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=100 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| setTheme object| oAuthInfo function| requirejs function| require function| define

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
sibaconsultores.com
www.arcgis.com
162.214.75.94
18.234.22.29
2606:2800:21f:1b88:6342:f8de:86c:e98b
04cd25bf99a2ba70bda5fbe43bf00f88f36f7b25e6bf803ee6ed6bb4cf4d8015
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
64a37e30d7b0f4bad7d92aed87aa29a7e26ae0ab24d10ad2a0b128d6af5dd36e
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070
7a61390da2f1200faa43b5296291e4035a110e4f3d7057c9f3bdfec834826794
9ebd1cdc26228ca1a58bb49293a992641557dbb1d130d5b6f8f77672e038a6a3
b666dbedda604a0fc2e14737568278b5adb7414a4799a090be0293c761a9a642
b75ef05280e1f739a55cf51261b02bee9c9e63f215bd0b69eafb63465edb0a21
d90cb22909a17a90f7957047526e960670dd1edb89492e57c8fccfa1fea59313
ed19e71532c13c0af247a2d62b1af56e459639ced8953e9ac8ae776aced92afc