www.aerotecsaneamento.com.br
Open in
urlscan Pro
199.180.134.210
Malicious Activity!
Public Scan
Submission: On April 07 via automatic, source openphish
Summary
This is the only time www.aerotecsaneamento.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: IRS (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 199.180.134.210 199.180.134.210 | 23033 (WOW) (WOW - Wowrack.com) | |
12 | 1 |
ASN23033 (WOW - Wowrack.com, US)
PTR: server.suaempresananet.com.br
www.aerotecsaneamento.com.br |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
aerotecsaneamento.com.br
www.aerotecsaneamento.com.br |
83 KB |
12 | 1 |
Domain | Requested by | |
---|---|---|
12 | www.aerotecsaneamento.com.br |
www.aerotecsaneamento.com.br
|
12 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.irs.gov |
sa2.www4.irs.gov |
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://www.aerotecsaneamento.com.br/wp-admin/network/Server99x8/File/xx9_92/Tax-Refund-Status/Default.aspx/irSfof/lang/en/IRServlet/
Frame ID: 22382.1
Requests: 12 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title: Get Refund Status
Search URL Search Domain Scan URL
Title: Refund Help
Search URL Search Domain Scan URL
Title: Obtener Estado de Reembolso
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.aerotecsaneamento.com.br/wp-admin/network/Server99x8/File/xx9_92/Tax-Refund-Status/Default.aspx/irSfof/lang/en/IRServlet/ |
55 KB 55 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
popups.js
www.aerotecsaneamento.com.br/wp-admin/network/Server99x8/File/xx9_92/Tax-Refund-Status/Default.aspx/irSfof/lang/en/IRServlet/files/ |
20 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.css
www.aerotecsaneamento.com.br/wp-admin/network/Server99x8/File/xx9_92/Tax-Refund-Status/Default.aspx/irSfof/lang/en/IRServlet/files/ |
4 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
irslogo.gif
www.aerotecsaneamento.com.br/wp-admin/network/Server99x8/File/xx9_92/Tax-Refund-Status/Default.aspx/irSfof/lang/en/IRServlet/files/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1x1-transparent.gif
www.aerotecsaneamento.com.br/wp-admin/network/Server99x8/File/xx9_92/Tax-Refund-Status/Default.aspx/irSfof/lang/en/IRServlet/files/ |
43 B 43 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1x1-grey.gif
www.aerotecsaneamento.com.br/wp-admin/network/Server99x8/File/xx9_92/Tax-Refund-Status/Default.aspx/irSfof/lang/en/IRServlet/files/ |
43 B 43 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
asterisk.gif
www.aerotecsaneamento.com.br/wp-admin/network/Server99x8/File/xx9_92/Tax-Refund-Status/Default.aspx/irSfof/lang/en/IRServlet/files/ |
49 B 49 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
red-arrow.gif
www.aerotecsaneamento.com.br/wp-admin/network/Server99x8/File/xx9_92/Tax-Refund-Status/Default.aspx/irSfof/lang/en/IRServlet/files/ |
184 B 184 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
symbol_route.gif
www.aerotecsaneamento.com.br/wp-admin/network/Server99x8/File/xx9_92/Tax-Refund-Status/Default.aspx/irSfof/lang/en/IRServlet/files/ |
67 B 67 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
symbol_account_small.gif
www.aerotecsaneamento.com.br/wp-admin/network/Server99x8/File/xx9_92/Tax-Refund-Status/Default.aspx/irSfof/lang/en/IRServlet/files/ |
62 B 62 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
top-transparent.gif
www.aerotecsaneamento.com.br/wp-admin/network/Server99x8/File/xx9_92/Tax-Refund-Status/Default.aspx/irSfof/lang/en/IRServlet/files/ |
877 B 877 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
www.aerotecsaneamento.com.br/ |
0 0 |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: IRS (Government)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.aerotecsaneamento.com.br
199.180.134.210
04ae662979c3766caee4f34f0c6f64cda8a2a9ab19500ccf504897d665231dff
2a101cc8de0b7f5c4a795fe6a1fab8088b298e04a9fcb858dcb9eb6d970792c9
5355791b2d0488c160f155936dce2cc67f447a4e31a549161fcc598ab39a58c3
5ea037da9e15b7d5a408220d72dc25b3d010036a764647ff78ec2cdd739f769c
984f0a18749fb1ecb93ac942a469036db3ab53bc67b5ddd05b674f2844dbdff2
b7e3f5fe3264de4a77fdeddcb4d9c51b00d2f4c7b938d397c82540eedc450b37
bea20f325f5a8ac1d780e42fe4a19dc86723b94ad01fa9a430a6313cecf329bd
c3c2be650f8b26f1440136df0eb1d3f7c37dfa69c77dd86cc42d8cd9013d4640
d405fc6546f586150e7ad84706c5f7ac76bfcf2765edb3fd11b268d8ccf4145e
db5d64a9ea32ed3abb874f295003ef2465cecc2f669efe951930e182c34a5013
eaf51d2754e56e8dd572918c32c9c2065fa528c7d01f6c1451fe7681d047fd7d