selectlocadora.com.br

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 177.85.98.117, located in Brazil and belongs to GX INTERNET E WEB HOSTING SERV DE INFORMATICA LTDA, BR. The main domain is selectlocadora.com.br.

This is the only time selectlocadora.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 3	185.27.134.214 185.27.134.214	34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited)
5 9	177.85.98.117 177.85.98.117	262603 (GX INTERN...) (GX INTERNET E WEB HOSTING SERV DE INFORMATICA LTDA)
6	2

3 185.27.134.214 (United Kingdom) 1 redirects

ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
PTR: 21413427185.ifastnet.org

twmla.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 177.85.98.117 (Brazil) 5 redirects

ASN262603 (GX INTERNET E WEB HOSTING SERV DE INFORMATICA LTDA, BR)
PTR: hserv31.homehost.com.br

selectlocadora.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	selectlocadora.com.br 5 redirects selectlocadora.com.br	41 KB
3	twmla.org 1 redirects twmla.org	32 KB
6	2

	Domain	Requested by
9	selectlocadora.com.br	5 redirects twmla.org selectlocadora.com.br
3	twmla.org	1 redirects twmla.org
6	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/signin/?country.x=BR&locale.x=en_BR
Frame ID: B26ABF20901B21CB4B6A460A3B1486EF
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://twmla.org/wp-content/uploads/2018/12/red.php?i=1 Page URL
http://twmla.org/wp-content/uploads/2018/12/red.php?i=2 HTTP 302
http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/ HTTP 302
http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169 HTTP 301
http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/ HTTP 302
http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/mya... HTTP 302
http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/ind... HTTP 302
http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/mya... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

6
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

70 kB
Transfer

140 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://twmla.org/wp-content/uploads/2018/12/red.php?i=1 Page URL
http://twmla.org/wp-content/uploads/2018/12/red.php?i=2 HTTP 302
http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/ HTTP 302
http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169 HTTP 301
http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/ HTTP 302
http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/identity/INC/antibot7.php HTTP 302
http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/indexx.php HTTP 302
http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/signin/?country.x=BR&locale.x=en_BR Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	red.php Show response twmla.org/wp-content/uploads/2018/12/	854 B 845 B	88ms 26ms	Document text/html	185.27.134.214 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://twmla.org/wp-content/uploads/2018/12/red.php?i=1 Protocol HTTP/1.1 Server 185.27.134.214 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS 21413427185.ifastnet.org Software nginx / Resource Hash `f37502cffc0ae3fa92d02f6c686482a10ca69fca3386b4dc8a845dd7abdc5f61` Request headers Host twmla.org Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Server nginx Date Mon, 03 Dec 2018 08:58:43 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Expires Thu, 01 Jan 1970 00:00:01 GMT Cache-Control no-cache Content-Encoding gzip
GET H/1.1	200 OK	aes.js Show response twmla.org/	30 KB 31 KB	28ms 27ms	Script application/javascript	185.27.134.214 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://twmla.org/aes.js Requested by Host: twmla.org URL: http://twmla.org/wp-content/uploads/2018/12/red.php?i=1 Protocol HTTP/1.1 Server 185.27.134.214 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS 21413427185.ifastnet.org Software nginx / Resource Hash `d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host twmla.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://twmla.org/wp-content/uploads/2018/12/red.php?i=1 Connection keep-alive Cache-Control no-cache Referer http://twmla.org/wp-content/uploads/2018/12/red.php?i=1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 03 Dec 2018 08:58:43 GMT Last-Modified Sat, 08 Aug 2015 08:12:26 GMT Server nginx ETag "55c5b9ea-79e6" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 31206
GET H/1.1	200 OK	Primary Request / Show response selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/signin/ Redirect Chain http://twmla.org/wp-content/uploads/2018/12/red.php?i=2 http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/ http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169 http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/ http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/identity/INC/antibot7.php http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/indexx.php http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/signin/?country.x=BR&locale.x=en_BR	7 KB 3 KB	211ms 210ms	Document text/html	177.85.98.117 GX INTERNET E WEB...
General Check archive.org Show headers Download Go to Full URL http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/signin/?country.x=BR&locale.x=en_BR Requested by Host: twmla.org URL: http://twmla.org/wp-content/uploads/2018/12/red.php?i=1 Protocol HTTP/1.1 Server 177.85.98.117 , Brazil, ASN262603 (GX INTERNET E WEB HOSTING SERV DE INFORMATICA LTDA, BR), Reverse DNS hserv31.homehost.com.br Software Apache / PHP/5.6.38 Resource Hash `adfddd01ee299e8a43afae6e7a0f80c0b540b19df7cdeb9d63b50c349e24b196` Request headers Host selectlocadora.com.br Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://twmla.org/wp-content/uploads/2018/12/red.php?i=1 Accept-Encoding gzip, deflate Cookie PHPSESSID=857cb020800218b66361af06832c5645 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://twmla.org/wp-content/uploads/2018/12/red.php?i=1 Response headers Server Apache X-Powered-By PHP/5.6.38 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Vary Accept-Encoding,User-Agent Content-Encoding gzip Referrer-Policy Content-Type text/html; charset=UTF-8 Content-Length 2230 Accept-Ranges bytes Date Mon, 03 Dec 2018 08:59:12 GMT X-Varnish 297015561 Age 0 Via 1.1 varnish Connection keep-alive Redirect headers Server Apache X-Powered-By PHP/5.6.38 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache LOCATION myaccount/signin/?country.x=BR&locale.x=en_BR Vary User-Agent Referrer-Policy Content-Type text/html; charset=UTF-8 Content-Length 0 Accept-Ranges bytes Date Mon, 03 Dec 2018 08:59:12 GMT X-Varnish 297015560 Age 0 Via 1.1 varnish Connection keep-alive
GET H/1.1	200 OK	L-Z118.css selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/lib/css/	13 KB 4 KB	142ms 142ms	Stylesheet text/css	177.85.98.117 GX INTERNET E WEB...
General Check archive.org Show headers Download Go to Full URL http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/lib/css/L-Z118.css Requested by Host: selectlocadora.com.br URL: http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/signin/?country.x=BR&locale.x=en_BR Protocol HTTP/1.1 Server 177.85.98.117 , Brazil, ASN262603 (GX INTERNET E WEB HOSTING SERV DE INFORMATICA LTDA, BR), Reverse DNS hserv31.homehost.com.br Software Apache / W3 Total Cache/0.9.7 Resource Hash `1bcda772b32139bbd18696ba5a08fc2da9731cecf88d6b904cb953107484f55f` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host selectlocadora.com.br User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/signin/?country.x=BR&locale.x=en_BR Cookie PHPSESSID=857cb020800218b66361af06832c5645 Connection keep-alive Cache-Control no-cache Referer http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/signin/?country.x=BR&locale.x=en_BR User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 03 Dec 2018 08:59:12 GMT Content-Encoding gzip Age 0 X-Powered-By W3 Total Cache/0.9.7 Connection keep-alive Content-Length 3306 Pragma public Referrer-Policy Last-Modified Mon, 03 Dec 2018 08:59:11 GMT Server Apache ETag "3332-57c1a5cc5c561-gzip" Vary Accept-Encoding,User-Agent X-Varnish 297015562 Via 1.1 varnish Cache-Control max-age=31536000, public Accept-Ranges bytes Content-Type text/css Expires Tue, 03 Dec 2019 08:59:12 GMT
GET H/1.1	200 OK	jquery.js Show response selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/lib/js/	84 KB 30 KB	249ms 116ms	Script application/x-javascript	177.85.98.117 GX INTERNET E WEB...
General Check archive.org Show headers Download Go to Full URL http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/lib/js/jquery.js Requested by Host: selectlocadora.com.br URL: http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/signin/?country.x=BR&locale.x=en_BR Protocol HTTP/1.1 Server 177.85.98.117 , Brazil, ASN262603 (GX INTERNET E WEB HOSTING SERV DE INFORMATICA LTDA, BR), Reverse DNS hserv31.homehost.com.br Software Apache / W3 Total Cache/0.9.7 Resource Hash `2a1f1370eb7b24a307312112427dfd544fb838a8bef66babc936f5e870a22e52` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host selectlocadora.com.br User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/signin/?country.x=BR&locale.x=en_BR Cookie PHPSESSID=857cb020800218b66361af06832c5645 Connection keep-alive Cache-Control no-cache Referer http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/signin/?country.x=BR&locale.x=en_BR User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 03 Dec 2018 08:59:12 GMT Content-Encoding gzip Age 0 X-Powered-By W3 Total Cache/0.9.7 Connection keep-alive Content-Length 30011 Pragma public Referrer-Policy Last-Modified Mon, 03 Dec 2018 08:59:11 GMT Server Apache ETag "15147-57c1a5cc5d501-gzip" Vary Accept-Encoding,User-Agent X-Varnish 297015563 Via 1.1 varnish Cache-Control max-age=31536000, public Accept-Ranges bytes Content-Type application/x-javascript Expires Tue, 03 Dec 2019 08:59:12 GMT
GET H/1.1	200 OK	kl_h4aXX6987PO.svg selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/lib/img/	5 KB 2 KB	112ms 112ms	Image image/svg+xml	177.85.98.117 GX INTERNET E WEB...
General Check archive.org Show headers Download Go to Show image Full URL http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/lib/img/kl_h4aXX6987PO.svg Requested by Host: selectlocadora.com.br URL: http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/myaccount/signin/?country.x=BR&locale.x=en_BR Protocol HTTP/1.1 Server 177.85.98.117 , Brazil, ASN262603 (GX INTERNET E WEB HOSTING SERV DE INFORMATICA LTDA, BR), Reverse DNS hserv31.homehost.com.br Software Apache / W3 Total Cache/0.9.7 Resource Hash `b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host selectlocadora.com.br User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/lib/css/L-Z118.css Cookie PHPSESSID=857cb020800218b66361af06832c5645 Connection keep-alive Cache-Control no-cache Referer http://selectlocadora.com.br/wp-admin/includes/admin/Service/help/customer_center/customer-IDPP00C169/lib/css/L-Z118.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 03 Dec 2018 08:59:12 GMT Content-Encoding gzip Age 0 X-Powered-By W3 Total Cache/0.9.7 Connection keep-alive Content-Length 1929 Pragma public Referrer-Policy Server Apache ETag "1351-57c1a5cc5cd31-gzip" Vary Accept-Encoding,User-Agent X-Varnish 297015564 Via 1.1 varnish Cache-Control max-age=31536000, public, public Accept-Ranges bytes bytes Content-Type image/svg+xml Expires Tue, 03 Dec 2019 08:59:12 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			selectlocadora.com.br/	1969-12-31 23:59:59	Name: PHPSESSID Value: 857cb020800218b66361af06832c5645

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

selectlocadora.com.br
twmla.org
177.85.98.117
185.27.134.214
1bcda772b32139bbd18696ba5a08fc2da9731cecf88d6b904cb953107484f55f
2a1f1370eb7b24a307312112427dfd544fb838a8bef66babc936f5e870a22e52
adfddd01ee299e8a43afae6e7a0f80c0b540b19df7cdeb9d63b50c349e24b196
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc
f37502cffc0ae3fa92d02f6c686482a10ca69fca3386b4dc8a845dd7abdc5f61

selectlocadora.com.br Open in urlscan Pro 177.85.98.117 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

70 kBTransfer

140 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Indicators

selectlocadora.com.br Open in urlscan Pro
177.85.98.117 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

70 kB
Transfer

140 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!