construguayas.gob.ec Open in urlscan Pro
67.225.226.82 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php#USER@DOMAIN.ch
Effective URL:
https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php
Submission: On October 11 via automatic, source phishtank (October 11th 2020, 7:16:46 am UTC)

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 19 HTTP transactions. The main IP is 67.225.226.82, located in Lansing, United States and belongs to LIQUIDWEB, US. The main domain is construguayas.gob.ec.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 23rd 2020. Valid for: 3 months.

This is the only time construguayas.gob.ec was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
15	67.225.226.82 67.225.226.82	32244 (LIQUIDWEB) (LIQUIDWEB)
3	151.139.128.8 151.139.128.8	20446 (HIGHWINDS3) (HIGHWINDS3)
1	65.9.96.31 65.9.96.31	16509 (AMAZON-02) (AMAZON-02)
19	4

15 67.225.226.82 (Lansing, United States)

ASN32244 (LIQUIDWEB, US)

construguayas.gob.ec	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.139.128.8 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

kit-free.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.96.31 (Seattle, United States)

ASN16509 (AMAZON-02, US)

logo.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	construguayas.gob.ec construguayas.gob.ec	171 KB
3	fontawesome.com kit-free.fontawesome.com	97 KB
1	clearbit.com logo.clearbit.com
19	3

	Domain	Requested by
15	construguayas.gob.ec	construguayas.gob.ec
3	kit-free.fontawesome.com	construguayas.gob.ec kit-free.fontawesome.com
1	logo.clearbit.com	construguayas.gob.ec
19	3

This site contains no links.

Subject Issuer	Validity	Valid
construguayas.gob.ec cPanel, Inc. Certification Authority	`2020-09-23` - `2020-12-22`	3 months	crt.sh
*.fontawesome.com DigiCert SHA2 Secure Server CA	`2019-10-28` - `2020-12-23`	a year	crt.sh
clearbit.com Amazon	`2020-05-20` - `2021-06-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php
Frame ID: 9AF3CBC7033E73A6C63CAE2E50D1991C
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

268 kB
Transfer

759 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request Webmail.php Show response construguayas.gob.ec/wp-includes/IXR/photos/	141 KB 35 KB	486ms 129ms	Document text/html	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `c9b9b3d7336b1d617996e1c0f0f7af56cd44119e33d6854879a05a89f75c679c` Request headers :method GET :authority construguayas.gob.ec :scheme https :path /wp-includes/IXR/photos/Webmail.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Sun, 11 Oct 2020 07:16:27 GMT server Apache cache-control max-age=600 expires Sun, 11 Oct 2020 07:26:27 GMT vary Accept-Encoding,User-Agent content-encoding gzip content-length 35192 content-type text/html; charset=UTF-8
GET H2	200	jquery.js Show response construguayas.gob.ec/wp-includes/IXR/photos/Webmail/	84 KB 29 KB	195ms 193ms	Script application/javascript	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/jquery.js Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e` Request headers Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:27 GMT content-encoding gzip last-modified Mon, 21 Sep 2020 22:11:57 GMT server Apache vary Accept-Encoding,User-Agent content-type application/javascript status 200 cache-control max-age=2592000 accept-ranges bytes content-length 29822 expires Tue, 10 Nov 2020 07:16:27 GMT
GET H2	200	jquery-3.js Show response construguayas.gob.ec/wp-includes/IXR/photos/Webmail/	85 KB 30 KB	203ms 202ms	Script application/javascript	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/jquery-3.js Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf` Request headers Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:27 GMT content-encoding gzip last-modified Mon, 21 Sep 2020 22:11:57 GMT server Apache vary Accept-Encoding,User-Agent content-type application/javascript status 200 cache-control max-age=2592000 accept-ranges bytes content-length 30080 expires Tue, 10 Nov 2020 07:16:27 GMT
GET H2	200	css.css construguayas.gob.ec/wp-includes/IXR/photos/Webmail/	1 KB 545 B	181ms 180ms	Stylesheet text/css	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/css.css Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `8f701947ccec193e5d77382be3f43481c0cab84b75dad13a7497c386c7d13a6a` Request headers Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:27 GMT content-encoding gzip last-modified Mon, 21 Sep 2020 22:11:57 GMT server Apache vary Accept-Encoding,User-Agent content-type text/css status 200 cache-control max-age=2592000 accept-ranges bytes content-length 441 expires Tue, 10 Nov 2020 07:16:27 GMT
GET H2	200	585b051251.js Show response construguayas.gob.ec/wp-includes/IXR/photos/Webmail/	4 KB 2 KB	182ms 181ms	Script application/javascript	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/585b051251.js Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `78430aacded9bc766ca632d544407a3ded6eb62f7c296f29e668e21feefa5e3b` Request headers Origin https://construguayas.gob.ec Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:27 GMT content-encoding gzip last-modified Mon, 21 Sep 2020 22:11:57 GMT server Apache vary Accept-Encoding,User-Agent content-type application/javascript status 200 cache-control max-age=2592000 accept-ranges bytes content-length 1709 expires Tue, 10 Nov 2020 07:16:27 GMT
GET H2	200	free.css construguayas.gob.ec/wp-includes/IXR/photos/Webmail/	59 KB 13 KB	182ms 181ms	Stylesheet text/css	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/free.css Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `2ee7d7bd8d1d9bfc925f53386e4b0ab58883361cf2f5177c91ef778895a98b88` Request headers Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:27 GMT content-encoding gzip last-modified Mon, 21 Sep 2020 22:11:57 GMT server Apache vary Accept-Encoding,User-Agent content-type text/css status 200 cache-control max-age=2592000 accept-ranges bytes content-length 12793 expires Tue, 10 Nov 2020 07:16:27 GMT
GET H2	200	free-v4-shims.css construguayas.gob.ec/wp-includes/IXR/photos/Webmail/	26 KB 4 KB	181ms 180ms	Stylesheet text/css	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/free-v4-shims.css Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `e7067ebd80b3644eb678de99e0936f638d54628ce9775e304d42300821fd8b79` Request headers Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:27 GMT content-encoding gzip last-modified Mon, 21 Sep 2020 22:11:57 GMT server Apache vary Accept-Encoding,User-Agent content-type text/css status 200 cache-control max-age=2592000 accept-ranges bytes content-length 4226 expires Tue, 10 Nov 2020 07:16:27 GMT
GET H2	200	hover.html construguayas.gob.ec/wp-includes/IXR/photos/Webmail/	2 KB 895 B	181ms 181ms	Stylesheet text/html	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/hover.html Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `b77b97fe780d35d18248abd1d2f42f444afbabe43f6abcd8fa8ebb3d47825eee` Request headers Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:27 GMT content-encoding gzip last-modified Mon, 21 Sep 2020 22:11:57 GMT server Apache vary Accept-Encoding,User-Agent content-type text/html status 200 cache-control max-age=600 accept-ranges bytes content-length 853 expires Sun, 11 Oct 2020 07:26:27 GMT
GET H2	200	jquery-3_002.js Show response construguayas.gob.ec/wp-includes/IXR/photos/Webmail/	68 KB 24 KB	207ms 206ms	Script application/javascript	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/jquery-3_002.js Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398` Request headers Origin https://construguayas.gob.ec Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:27 GMT content-encoding gzip last-modified Mon, 21 Sep 2020 22:11:57 GMT server Apache vary Accept-Encoding,User-Agent content-type application/javascript status 200 cache-control max-age=2592000 accept-ranges bytes content-length 23898 expires Tue, 10 Nov 2020 07:16:27 GMT
GET H2	200	popper.js Show response construguayas.gob.ec/wp-includes/IXR/photos/Webmail/	19 KB 7 KB	202ms 201ms	Script application/javascript	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/popper.js Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66` Request headers Origin https://construguayas.gob.ec Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:27 GMT content-encoding gzip last-modified Mon, 21 Sep 2020 22:11:57 GMT server Apache vary Accept-Encoding,User-Agent content-type application/javascript status 200 cache-control max-age=2592000 accept-ranges bytes content-length 6911 expires Tue, 10 Nov 2020 07:16:27 GMT
GET H2	200	bootstrap_002.js Show response construguayas.gob.ec/wp-includes/IXR/photos/Webmail/	48 KB 13 KB	203ms 202ms	Script application/javascript	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/bootstrap_002.js Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b` Request headers Origin https://construguayas.gob.ec Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:27 GMT content-encoding gzip last-modified Mon, 21 Sep 2020 22:11:57 GMT server Apache vary Accept-Encoding,User-Agent content-type application/javascript status 200 cache-control max-age=2592000 accept-ranges bytes content-length 13105 expires Tue, 10 Nov 2020 07:16:27 GMT
GET H2	200	bootstrap.js Show response construguayas.gob.ec/wp-includes/IXR/photos/Webmail/	50 KB 14 KB	205ms 204ms	Script application/javascript	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/bootstrap.js Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4` Request headers Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:27 GMT content-encoding gzip last-modified Mon, 21 Sep 2020 22:11:57 GMT server Apache vary Accept-Encoding,User-Agent content-type application/javascript status 200 cache-control max-age=2592000 accept-ranges bytes content-length 14085 expires Tue, 10 Nov 2020 07:16:27 GMT
GET DATA	200 OK	truncated /	10 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `99b5561cd177e23d6a81072c2e739d11e0e2f2c591a4a1483c6f15292cdec1ab` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/jpeg
GET H2	404	free-fa-solid-900.woff2 construguayas.gob.ec/wp-includes/IXR/photos/webfonts/	0 0	807ms 806ms	Font text/html	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/webfonts/free-fa-solid-900.woff2 Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/free.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash Request headers Origin https://construguayas.gob.ec Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/free.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:28 GMT content-encoding gzip server Apache vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 status 404 cache-control no-cache, must-revalidate, max-age=0 link <https://construguayas.gob.ec/wp-json/>; rel="https://api.w.org/" content-length 7348 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	free-v4-shims.min.css kit-free.fontawesome.com/releases/latest/css/	26 KB 5 KB	91ms 32ms	Stylesheet text/css	151.139.128.8 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://kit-free.fontawesome.com/releases/latest/css/free-v4-shims.min.css Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/585b051251.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.139.128.8 Dallas, United States, ASN20446 (HIGHWINDS3, US), Reverse DNS Software / Resource Hash `cfff9ea502195a7b96fe38deca9188a59b758deeecc2cd4e78aea7d911e638c6` Request headers Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:28 GMT content-encoding gzip last-modified Mon, 05 Oct 2020 16:00:41 GMT status 200 etag "1601913641" vary Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding x-hw 1602400588.cds031.pa1.hn,1602400588.cds209.pa1.c content-type text/css access-control-allow-origin * access-control-max-age 3000 cache-control max-age=60, private, must-revalidate access-control-allow-methods GET accept-ranges bytes content-length 4429
GET H2	200	free.min.css kit-free.fontawesome.com/releases/latest/css/	59 KB 14 KB	92ms 33ms	Stylesheet text/css	151.139.128.8 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://kit-free.fontawesome.com/releases/latest/css/free.min.css Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/585b051251.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.139.128.8 Dallas, United States, ASN20446 (HIGHWINDS3, US), Reverse DNS Software / Resource Hash `4f02bd6f018d6f08c37c39f2d114101beac342c2c065046635e5ed0c42853590` Request headers Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:28 GMT content-encoding gzip last-modified Mon, 05 Oct 2020 16:00:45 GMT status 200 etag "1601913645" vary Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding x-hw 1602400588.cds031.pa1.hn,1602400588.cds027.pa1.c content-type text/css access-control-allow-origin * access-control-max-age 3000 cache-control max-age=60, private, must-revalidate access-control-allow-methods GET accept-ranges bytes content-length 13753
GET H2	404	DOMAIN.ch logo.clearbit.com/	0 0	145ms 58ms	Image text/plain	65.9.96.31 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://logo.clearbit.com/DOMAIN.ch Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.96.31 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers
GET H2	404	free-fa-solid-900.woff construguayas.gob.ec/wp-includes/IXR/photos/webfonts/	0 0	824ms 824ms	Font text/html	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/webfonts/free-fa-solid-900.woff Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/free.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash Request headers Origin https://construguayas.gob.ec Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/free.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:28 GMT content-encoding gzip server Apache vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 status 404 cache-control no-cache, must-revalidate, max-age=0 link <https://construguayas.gob.ec/wp-json/>; rel="https://api.w.org/" content-length 7348 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	free-fa-solid-900.ttf construguayas.gob.ec/wp-includes/IXR/photos/webfonts/	0 0	1038ms 1038ms	Font text/html	67.225.226.82 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://construguayas.gob.ec/wp-includes/IXR/photos/webfonts/free-fa-solid-900.ttf Requested by Host: construguayas.gob.ec URL: https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/free.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.225.226.82 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash Request headers Origin https://construguayas.gob.ec Referer https://construguayas.gob.ec/wp-includes/IXR/photos/Webmail/free.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:29 GMT content-encoding gzip server Apache vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 status 404 cache-control no-cache, must-revalidate, max-age=0 link <https://construguayas.gob.ec/wp-json/>; rel="https://api.w.org/" content-length 7347 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	free-fa-solid-900.woff2 kit-free.fontawesome.com/releases/latest/webfonts/	78 KB 79 KB	89ms 31ms	Font font/woff2	151.139.128.8 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://kit-free.fontawesome.com/releases/latest/webfonts/free-fa-solid-900.woff2 Requested by Host: kit-free.fontawesome.com URL: https://kit-free.fontawesome.com/releases/latest/css/free.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.139.128.8 Dallas, United States, ASN20446 (HIGHWINDS3, US), Reverse DNS Software / Resource Hash `01a8d61bd9bb710ec94faf399b0fd995ccbac02771968c87d00df45321595a2d` Request headers Origin https://construguayas.gob.ec Referer https://kit-free.fontawesome.com/releases/latest/css/free.min.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 11 Oct 2020 07:16:30 GMT last-modified Mon, 05 Oct 2020 16:12:05 GMT status 200 etag "1601914325" vary Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding access-control-allow-methods GET content-type font/woff2 access-control-allow-origin * access-control-max-age 3000 cache-control max-age=60, private, must-revalidate accept-ranges bytes content-length 80284 x-hw 1602400590.cds009.pa1.hn,1602400590.cds027.pa1.c

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

construguayas.gob.ec
kit-free.fontawesome.com
logo.clearbit.com
151.139.128.8
65.9.96.31
67.225.226.82
01a8d61bd9bb710ec94faf399b0fd995ccbac02771968c87d00df45321595a2d
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2ee7d7bd8d1d9bfc925f53386e4b0ab58883361cf2f5177c91ef778895a98b88
4f02bd6f018d6f08c37c39f2d114101beac342c2c065046635e5ed0c42853590
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
78430aacded9bc766ca632d544407a3ded6eb62f7c296f29e668e21feefa5e3b
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8f701947ccec193e5d77382be3f43481c0cab84b75dad13a7497c386c7d13a6a
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
99b5561cd177e23d6a81072c2e739d11e0e2f2c591a4a1483c6f15292cdec1ab
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
b77b97fe780d35d18248abd1d2f42f444afbabe43f6abcd8fa8ebb3d47825eee
c9b9b3d7336b1d617996e1c0f0f7af56cd44119e33d6854879a05a89f75c679c
cfff9ea502195a7b96fe38deca9188a59b758deeecc2cd4e78aea7d911e638c6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7067ebd80b3644eb678de99e0936f638d54628ce9775e304d42300821fd8b79
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

construguayas.gob.ec Open in urlscan Pro 67.225.226.82 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

1 Countries

268 kBTransfer

759 kBSize

0 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

Indicators

construguayas.gob.ec Open in urlscan Pro
67.225.226.82 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

268 kB
Transfer

759 kB
Size

0
Cookies

19 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!