picturecut.tuyoshi.com.br Open in urlscan Pro
200.143.18.141  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index_2019SignedContract.htm Show response picturecut.tuyoshi.com.br/dependencies/jquery/	84 KB 85 KB	516ms 250ms	Document text/html	200.143.18.141 UOL DIVEO S.A.
General Check archive.org Show headers Download Go to Full URL http://picturecut.tuyoshi.com.br/dependencies/jquery/index_2019SignedContract.htm Protocol HTTP/1.1 Server 200.143.18.141 , Brazil, ASN13878 (UOL DIVEO S.A., BR), Reverse DNS plesk.wilive.com.br Software nginx / PleskLin Resource Hash 7731bc940766d773a988cded301bb97d5c405ed301899bc34ff0d482c640293c Request headers Host picturecut.tuyoshi.com.br Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Server nginx Date Mon, 27 May 2019 08:12:50 GMT Content-Type text/html Content-Length 86351 Last-Modified Mon, 15 Apr 2019 08:33:36 GMT Connection keep-alive ETag "5cb441e0-1514f" X-Powered-By PleskLin Accept-Ranges bytes
GET H/1.1	200 OK	whv2_001.js Show response l.yimg.com/d/lib/smb/js/hosting/cp/js_source/	669 B 1 KB	61ms 23ms	Script application/javascript	2a00:1288:84:800::1001 YAHOO-AMA
General Check archive.org Show headers Download Go to Full URL http://l.yimg.com/d/lib/smb/js/hosting/cp/js_source/whv2_001.js Requested by Host: picturecut.tuyoshi.com.br URL: http://picturecut.tuyoshi.com.br/dependencies/jquery/index_2019SignedContract.htm Protocol HTTP/1.1 Server 2a00:1288:84:800::1001 , United Kingdom, ASN203219 (YAHOO-AMA, NL), Reverse DNS Software ATS / Resource Hash d4b2dc7b27e58e185c603b96b6d2a115f483e0e2ee31e401f72b459aaef964ca Request headers Referer http://picturecut.tuyoshi.com.br/dependencies/jquery/index_2019SignedContract.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 27 May 2019 06:24:59 GMT Content-Encoding gzip x-amz-meta-created-date Wed, 14 Nov 2012 07:24:48 GMT Age 4995 x-amz-server-side-encryption AES256 x-amz-meta-x-ysws-mbst-vtime 1352877888935606 Content-Length 374 Connection keep-alive x-amz-request-id 5EE68C978E2FAE0D x-amz-id-2 XhG+FgS+27v1Gz6CWnSGN+c5OkjLFwQXlH7LXvmWitowe40ekE5cssL4Glu7NrlI/+OLccuRPKI= Referrer-Policy no-referrer-when-downgrade Last-Modified Fri, 18 May 2018 20:37:30 GMT Server ATS ETag "d149430ef145dfd7d23ccb40336ca12e-df" Vary Origin, Accept-Encoding Content-Type application/javascript Cache-Control public,max-age=315360000 Accept-Ranges bytes x-amz-meta-x-ysws-access public x-amz-meta-mbst-etag "YM:1:4a637031-e1fa-4cd6-8e20-ffa3080995d70004ce6f6dfe96b6" Expires Mon, 15 May 2028 20:37:29 GMT
GET DATA	200 OK	truncated /	49 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2202d40e45d69a4efd1f5fc6c8d603d3e849cdcdd39460029589b9119a2949d9 Request headers Referer http://picturecut.tuyoshi.com.br/dependencies/jquery/index_2019SignedContract.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	12 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7ad3cfa7242cbdc3b8f9126dbf8273043417c2581f11c95385dc46cc80702798 Request headers Referer http://picturecut.tuyoshi.com.br/dependencies/jquery/index_2019SignedContract.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	294.gif picturecut.tuyoshi.com.br/dependencies/jquery/files/	3 KB 3 KB	2129ms 2128ms	Image text/html	200.143.18.141 UOL DIVEO S.A.
General Check archive.org Show headers Download Go to Show image Full URL http://picturecut.tuyoshi.com.br/dependencies/jquery/files/294.gif Requested by Host: picturecut.tuyoshi.com.br URL: http://picturecut.tuyoshi.com.br/dependencies/jquery/index_2019SignedContract.htm Protocol HTTP/1.1 Server 200.143.18.141 , Brazil, ASN13878 (UOL DIVEO S.A., BR), Reverse DNS plesk.wilive.com.br Software nginx / PleskLin Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer http://picturecut.tuyoshi.com.br/dependencies/jquery/index_2019SignedContract.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 27 May 2019 08:12:53 GMT Content-Encoding gzip Server nginx X-Powered-By PleskLin Vary Accept-Encoding Content-Type text/html Connection keep-alive Content-Length 2797
GET H/1.1	502 Cannot find server.	visit.gif visit.webhosting.yahoo.com/	0 0	434ms 306ms	Image text/html	67.195.197.23 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Show image Full URL http://visit.webhosting.yahoo.com/visit.gif?&r=&b=Netscape%205.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_13_5%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/67.0.3396.87%20Safari/537.36&s=1600x1200&o=Linux%20x86_64&c=24&j=false&v=1.2 Requested by Host: picturecut.tuyoshi.com.br URL: http://picturecut.tuyoshi.com.br/dependencies/jquery/index_2019SignedContract.htm Protocol HTTP/1.1 Server 67.195.197.23 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS mgrats2.geo.vip.bf1.yahoo.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer http://picturecut.tuyoshi.com.br/dependencies/jquery/index_2019SignedContract.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers
GET H/1.1	200 OK	a09b3f7c45b844565402a14d91bdb20f Show response np.lexity.com/embed/YW/	9 KB 4 KB	274ms 148ms	Script text/plain	3.216.199.77 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://np.lexity.com/embed/YW/a09b3f7c45b844565402a14d91bdb20f?id=9f0ee5f9e020 Requested by Host: picturecut.tuyoshi.com.br URL: http://picturecut.tuyoshi.com.br/dependencies/jquery/index_2019SignedContract.htm Protocol HTTP/1.1 Server 3.216.199.77 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-3-216-199-77.compute-1.amazonaws.com Software / Resource Hash 97709c93f9e48d1982059d84261b0400096e337bb465a62d887228a6934e510b Request headers Referer http://picturecut.tuyoshi.com.br/dependencies/jquery/index_2019SignedContract.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 27 May 2019 07:48:16 GMT content-encoding gzip Connection keep-alive Content-Length 3703

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask number| ycsdone function| geovisit number| w string| v object| oxsrbyuy

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

l.yimg.com
np.lexity.com
picturecut.tuyoshi.com.br
visit.webhosting.yahoo.com
200.143.18.141
2a00:1288:84:800::1001
3.216.199.77
67.195.197.23
2202d40e45d69a4efd1f5fc6c8d603d3e849cdcdd39460029589b9119a2949d9
7731bc940766d773a988cded301bb97d5c405ed301899bc34ff0d482c640293c
7ad3cfa7242cbdc3b8f9126dbf8273043417c2581f11c95385dc46cc80702798
97709c93f9e48d1982059d84261b0400096e337bb465a62d887228a6934e510b
d4b2dc7b27e58e185c603b96b6d2a115f483e0e2ee31e401f72b459aaef964ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855