account-activedirectory-windowsazure.ipasma.es.gov.br Open in urlscan Pro
69.162.82.146 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://whoisdomaincontrol.web.app/domain/2020/?user_id
Effective URL:
https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Submission: On April 16 via api (April 16th 2020, 9:19:06 am UTC) from US

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 12 HTTP transactions. The main IP is 69.162.82.146, located in Dallas, United States and belongs to LIMESTONENETWORKS, US. The main domain is account-activedirectory-windowsazure.ipasma.es.gov.br.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 16th 2020. Valid for: 3 months.

This is the only time account-activedirectory-windowsazure.ipasma.es.gov.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	151.101.1.195 151.101.1.195	54113 (FASTLY) (FASTLY)
1 1	185.227.81.30 185.227.81.30	209280 (SMARTHOSTEN) (SMARTHOSTEN)
10	69.162.82.146 69.162.82.146	46475 (LIMESTONE...) (LIMESTONENETWORKS)
1	13.224.194.72 13.224.194.72	16509 (AMAZON-02) (AMAZON-02)
12	3

1 151.101.1.195 (United States)

ASN54113 (FASTLY, US)

whoisdomaincontrol.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.227.81.30 (Netherlands) 1 redirects

ASN209280 (SMARTHOSTEN, NL)
PTR: web01.smarthosten.nl

domaincontrol7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 69.162.82.146 (Dallas, United States)

ASN46475 (LIMESTONENETWORKS, US)
PTR: servidor.rminf.com.br

account-activedirectory-windowsazure.ipasma.es.gov.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.194.72 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-72.fra2.r.cloudfront.net

logo.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	ipasma.es.gov.br account-activedirectory-windowsazure.ipasma.es.gov.br	629 KB
1	clearbit.com logo.clearbit.com
1	domaincontrol7.com 1 redirects domaincontrol7.com	334 B
1	web.app whoisdomaincontrol.web.app	570 B
12	4

	Domain	Requested by
10	account-activedirectory-windowsazure.ipasma.es.gov.br	whoisdomaincontrol.web.app account-activedirectory-windowsazure.ipasma.es.gov.br
1	logo.clearbit.com	account-activedirectory-windowsazure.ipasma.es.gov.br
1	domaincontrol7.com	1 redirects
1	whoisdomaincontrol.web.app
12	4

This site contains no links.

Subject Issuer	Validity	Valid
web.app GTS CA 1O1	`2020-04-15` - `2021-04-14`	a year	crt.sh
account-activedirectory-windowsazure.ipasma.es.gov.br cPanel, Inc. Certification Authority	`2020-04-16` - `2020-07-15`	3 months	crt.sh
clearbit.com Amazon	`2019-06-18` - `2020-07-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Frame ID: DEB6ED44B948D2FF42AC121EF7641FBE
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://whoisdomaincontrol.web.app/domain/2020/?user_id Page URL
http://domaincontrol7.com/dial/?user_id= HTTP 302
https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email= Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

630 kB
Transfer

627 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://whoisdomaincontrol.web.app/domain/2020/?user_id Page URL
http://domaincontrol7.com/dial/?user_id= HTTP 302
https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 404 / Show response
whoisdomaincontrol.web.app/domain/2020/ 442 B
570 B 523ms
374ms Document
text/html 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://whoisdomaincontrol.web.app/domain/2020/?user_id

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7f719514d7a5f252feb685262391d8c737d8c9dad567d52c9e9101da44234903

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: whoisdomaincontrol.web.app
:scheme: https
:path: /domain/2020/?user_id
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 404
cache-control: max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
etag: 2decc17bc59c3f46cf2d4c9cf417763993517b7a4265a1163c6940fd7ebd6f01
last-modified: Thu, 16 Apr 2020 06:18:26 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Thu, 16 Apr 2020 09:18:48 GMT
x-served-by: cache-ams21055-AMS
x-cache: MISS
x-cache-hits: 0
x-timer: S1587028728.745172,VS0,VE358
vary: x-fh-requested-host, accept-encoding
content-length: 265

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
account-activedirectory-windowsazure.ipasma.es.gov.br/auth/
Redirect Chain

http://domaincontrol7.com/dial/?user_id=
https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=

5 KB
5 KB

2375ms
163ms

Document
text/html

69.162.82.146
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Requested by: Host: whoisdomaincontrol.web.app
URL: https://whoisdomaincontrol.web.app/domain/2020/?user_id
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.162.82.146 Dallas, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: servidor.rminf.com.br
Software: Apache / PHP/5.6.40
Resource Hash: ae30949cc855f44359b563fa8d82b9a954ed6d095a771a1a4d112b0ef2950820

Request headers

Host: account-activedirectory-windowsazure.ipasma.es.gov.br
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://whoisdomaincontrol.web.app/domain/2020/?user_id

Response headers

Date: Thu, 16 Apr 2020 09:18:49 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=5svlu8tgv41c5b4qot7i83coo6; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Thu, 16 Apr 2020 09:18:48 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Vary: User-Agent
Content-Length: 0
Keep-Alive: timeout=2, max=100
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK bootstrap.css
account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/css/ 138 KB
138 KB 414ms
139ms Stylesheet
text/css 69.162.82.146
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/css/bootstrap.css
Requested by: Host: account-activedirectory-windowsazure.ipasma.es.gov.br
URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.162.82.146 Dallas, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: servidor.rminf.com.br
Software: Apache /
Resource Hash: 7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

Request headers

Referer: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 16 Apr 2020 09:18:50 GMT
Last-Modified: Mon, 13 Apr 2020 08:24:31 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 140936

GET
H/1.1 200
OK pass.css
account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/css/ 2 KB
2 KB 815ms
134ms Stylesheet
text/css 69.162.82.146
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/css/pass.css
Requested by: Host: account-activedirectory-windowsazure.ipasma.es.gov.br
URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.162.82.146 Dallas, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: servidor.rminf.com.br
Software: Apache /
Resource Hash: c3ecd819c228f3b5f551809f771e96f8ae447649e9650994e2510dccc5137b00

Request headers

Referer: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 16 Apr 2020 09:18:50 GMT
Last-Modified: Mon, 13 Apr 2020 08:24:31 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1920

GET
H/1.1 404
Not Found font-awesome.min.css
account-activedirectory-windowsazure.ipasma.es.gov.br/auth/font-awesome/css/ 0
0 948ms
132ms Stylesheet
text/html 69.162.82.146
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/font-awesome/css/font-awesome.min.css
Requested by: Host: account-activedirectory-windowsazure.ipasma.es.gov.br
URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.162.82.146 Dallas, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: servidor.rminf.com.br
Software: Apache /
Resource Hash

Request headers

Referer: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 16 Apr 2020 09:18:51 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK jquery.min.js Show response
account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/js/ 85 KB
85 KB 1060ms
139ms Script
application/javascript 69.162.82.146
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/js/jquery.min.js
Requested by: Host: account-activedirectory-windowsazure.ipasma.es.gov.br
URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.162.82.146 Dallas, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: servidor.rminf.com.br
Software: Apache /
Resource Hash: a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855

Request headers

Referer: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 16 Apr 2020 09:18:51 GMT
Last-Modified: Mon, 13 Apr 2020 08:24:31 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 86926

GET
H/1.1 200
OK popper.min.js Show response
account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/js/ 20 KB
20 KB 1080ms
132ms Script
application/javascript 69.162.82.146
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/js/popper.min.js
Requested by: Host: account-activedirectory-windowsazure.ipasma.es.gov.br
URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.162.82.146 Dallas, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: servidor.rminf.com.br
Software: Apache /
Resource Hash: d2b9f29ea1f42a60a8beb1c04f76868287f2a48d6ec50fb39d6b888584a03c49

Request headers

Referer: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 16 Apr 2020 09:18:51 GMT
Last-Modified: Mon, 13 Apr 2020 08:24:31 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 20336

GET
H/1.1 200
OK bootstrap.min.js Show response
account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/js/ 100 KB
100 KB 1246ms
135ms Script
application/javascript 69.162.82.146
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/js/bootstrap.min.js
Requested by: Host: account-activedirectory-windowsazure.ipasma.es.gov.br
URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.162.82.146 Dallas, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: servidor.rminf.com.br
Software: Apache /
Resource Hash: d2b0cd9f0264ee8a76e7a69f602da0fb22e1c9a9ce171add6af397029de2bfec

Request headers

Referer: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 16 Apr 2020 09:18:51 GMT
Last-Modified: Mon, 13 Apr 2020 08:24:31 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 102078

GET
H2 400 /
logo.clearbit.com/ 0
0 221ms
174ms Image
text/plain 13.224.194.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logo.clearbit.com/
Requested by: Host: account-activedirectory-windowsazure.ipasma.es.gov.br
URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.194.72 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-72.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H/1.1 200
OK arrow_left.svg
account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/images/ 513 B
758 B 133ms
133ms Image
image/svg+xml 69.162.82.146
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/images/arrow_left.svg
Requested by: Host: account-activedirectory-windowsazure.ipasma.es.gov.br
URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.162.82.146 Dallas, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: servidor.rminf.com.br
Software: Apache /
Resource Hash: 34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

Referer: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 16 Apr 2020 09:18:51 GMT
Last-Modified: Mon, 13 Apr 2020 08:24:31 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 513

GET
H/1.1 200
OK ellipsis_white.svg
account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/images/ 915 B
1 KB 133ms
132ms Image
image/svg+xml 69.162.82.146
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/images/ellipsis_white.svg
Requested by: Host: account-activedirectory-windowsazure.ipasma.es.gov.br
URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.162.82.146 Dallas, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: servidor.rminf.com.br
Software: Apache /
Resource Hash: 6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 16 Apr 2020 09:18:51 GMT
Last-Modified: Mon, 13 Apr 2020 08:24:31 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 915

GET
H/1.1 200
OK background.jpg
account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/images/ 277 KB
277 KB 136ms
135ms Image
image/jpeg 69.162.82.146
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/images/background.jpg
Requested by: Host: account-activedirectory-windowsazure.ipasma.es.gov.br
URL: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/?email=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.162.82.146 Dallas, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: servidor.rminf.com.br
Software: Apache /
Resource Hash: 211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

Referer: https://account-activedirectory-windowsazure.ipasma.es.gov.br/auth/assets/css/pass.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 16 Apr 2020 09:18:51 GMT
Last-Modified: Mon, 13 Apr 2020 08:24:31 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 283351

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			account-activedirectory-windowsazure.ipasma.es.gov.br/	1969-12-31 23:59:59	Name: PHPSESSID Value: 5svlu8tgv41c5b4qot7i83coo6

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account-activedirectory-windowsazure.ipasma.es.gov.br
domaincontrol7.com
logo.clearbit.com
whoisdomaincontrol.web.app
13.224.194.72
151.101.1.195
185.227.81.30
69.162.82.146
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
7f719514d7a5f252feb685262391d8c737d8c9dad567d52c9e9101da44234903
a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855
ae30949cc855f44359b563fa8d82b9a954ed6d095a771a1a4d112b0ef2950820
c3ecd819c228f3b5f551809f771e96f8ae447649e9650994e2510dccc5137b00
d2b0cd9f0264ee8a76e7a69f602da0fb22e1c9a9ce171add6af397029de2bfec
d2b9f29ea1f42a60a8beb1c04f76868287f2a48d6ec50fb39d6b888584a03c49
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

account-activedirectory-windowsazure.ipasma.es.gov.br Open in urlscan Pro 69.162.82.146 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

630 kBTransfer

627 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

account-activedirectory-windowsazure.ipasma.es.gov.br Open in urlscan Pro
69.162.82.146 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

630 kB
Transfer

627 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!