www.baculere.com.br - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 187.73.33.66, located in Brazil and belongs to Digirati Informatica, servicos e telecomunicacoes, BR. The main domain is www.baculere.com.br.
TLS certificate: Issued by R3 on September 23rd 2022. Valid for: 3 months.

This is the only time www.baculere.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	187.73.33.66 187.73.33.66	262672 (Digirati ...) (Digirati Informatica)
2	103.134.152.4 103.134.152.4	138608 (CLOUDHOST...) (CLOUDHOST-AS-AP Cloud Host Pte Ltd)
4	3

1 187.73.33.66 (Brazil)

ASN262672 (Digirati Informatica, servicos e telecomunicacoes, BR)
PTR: web122.f1.k8.com.br

www.baculere.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.134.152.4 (Singapore)

ASN138608 (CLOUDHOST-AS-AP Cloud Host Pte Ltd, SG)
PTR: sgz11.cloudhost.id

digitaldatabase.my.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	digitaldatabase.my.id digitaldatabase.my.id	936 KB
1	baculere.com.br www.baculere.com.br	1 KB
0	Failed function sub() { [native code] }. Failed
4	3

	Domain	Requested by
2	digitaldatabase.my.id	www.baculere.com.br
1	www.baculere.com.br
0	localhost Failed	www.baculere.com.br
4	3

This site contains no links.

Subject Issuer	Validity	Valid
www.baculere.com.br R3	`2022-09-23` - `2022-12-22`	3 months	crt.sh
digitaldatabase.my.id R3	`2022-10-10` - `2023-01-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.baculere.com.br/bkp/ig/i/indexfr.php?email=alfonso.iglesia%40cuatrecasas.com&https-wetransfer.com-downloads-1c0ced943cb26fcf2c91a98230902323-230920n8=ncv9uernnund0943%3D20j8n34-934-239nfnlncnvberodfnnf-miuhdfn9ernfoonernf-mneudfner-nmkbdfndf1ae6b27952020220729134106b8fc56
Frame ID: 8A758B6FC78C90C87561B09868FB737F
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fichier envoyé à alfonso.iglesia@cuatrecasas.com

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

4
Requests

75 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

938 kB
Transfer

938 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://www.baculere.com.br/bkp/ig/i/assets/bootstrap/js/bootstrap.min.js HTTP 302
http://localhost/idlogical/erros/404.php

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request indexfr.php Show response www.baculere.com.br/bkp/ig/i/	2 KB 1 KB	717ms 214ms	Document text/html	187.73.33.66 Digirati Informatica
General Check archive.org Show headers Download Go to Full URL https://www.baculere.com.br/bkp/ig/i/indexfr.php?email=alfonso.iglesia%40cuatrecasas.com&https-wetransfer.com-downloads-1c0ced943cb26fcf2c91a98230902323-230920n8=ncv9uernnund0943%3D20j8n34-934-239nfnlncnvberodfnnf-miuhdfn9ernfoonernf-mneudfner-nmkbdfndf1ae6b27952020220729134106b8fc56 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 187.73.33.66 , Brazil, ASN262672 (Digirati Informatica, servicos e telecomunicacoes, BR), Reverse DNS web122.f1.k8.com.br Software Apache / Resource Hash `83a8f84c806793ff9bb4808063637cfd70b7769aa38a599a4cd49fa5ec7391ed` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control private, must-revalidate content-encoding gzip content-length 1015 content-type text/html; charset=UTF-8 date Tue, 15 Nov 2022 22:55:11 GMT expires Tue, 15 Nov 2022 23:05:11 GMT server Apache vary Accept-Encoding
GET H2	200	wt.png digitaldatabase.my.id/wp-content/uploads/2022/10/	125 KB 125 KB	1425ms 343ms	Image image/png	103.134.152.4 CLOUDHOST-AS-AP C...
General Check archive.org Show headers Download Go to Show image Full URL https://digitaldatabase.my.id/wp-content/uploads/2022/10/wt.png Requested by Host: www.baculere.com.br URL: https://www.baculere.com.br/bkp/ig/i/indexfr.php?email=alfonso.iglesia%40cuatrecasas.com&https-wetransfer.com-downloads-1c0ced943cb26fcf2c91a98230902323-230920n8=ncv9uernnund0943%3D20j8n34-934-239nfnlncnvberodfnnf-miuhdfn9ernfoonernf-mneudfner-nmkbdfndf1ae6b27952020220729134106b8fc56 Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 103.134.152.4 , Singapore, ASN138608 (CLOUDHOST-AS-AP Cloud Host Pte Ltd, SG), Reverse DNS sgz11.cloudhost.id Software LiteSpeed / Resource Hash `baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5` Request headers accept-language de-DE,de;q=0.9 Referer https://www.baculere.com.br/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 22:55:12 GMT last-modified Sun, 13 Nov 2022 02:06:01 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 128338 expires Tue, 22 Nov 2022 22:55:12 GMT
GET		404.php localhost/idlogical/erros/ Redirect Chain https://www.baculere.com.br/bkp/ig/i/assets/bootstrap/js/bootstrap.min.js http://localhost/idlogical/erros/404.php	0 0

GET H2	200	bg7.png digitaldatabase.my.id/wp-content/uploads/2022/10/	810 KB 811 KB	1407ms 342ms	Image image/png	103.134.152.4 CLOUDHOST-AS-AP C...
General Check archive.org Show headers Download Go to Show image Full URL https://digitaldatabase.my.id/wp-content/uploads/2022/10/bg7.png Requested by Host: www.baculere.com.br URL: https://www.baculere.com.br/bkp/ig/i/indexfr.php?email=alfonso.iglesia%40cuatrecasas.com&https-wetransfer.com-downloads-1c0ced943cb26fcf2c91a98230902323-230920n8=ncv9uernnund0943%3D20j8n34-934-239nfnlncnvberodfnnf-miuhdfn9ernfoonernf-mneudfner-nmkbdfndf1ae6b27952020220729134106b8fc56 Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 103.134.152.4 , Singapore, ASN138608 (CLOUDHOST-AS-AP Cloud Host Pte Ltd, SG), Reverse DNS sgz11.cloudhost.id Software LiteSpeed / Resource Hash `a30d676d5acc7fda0731bf303702f835b002253e12328254da85f286784fad68` Request headers accept-language de-DE,de;q=0.9 Referer https://www.baculere.com.br/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 22:55:12 GMT last-modified Sun, 13 Nov 2022 02:03:00 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 829712 expires Tue, 22 Nov 2022 22:55:12 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: localhost
URL: http://localhost/idlogical/erros/404.php

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

digitaldatabase.my.id
localhost
www.baculere.com.br
localhost
103.134.152.4
187.73.33.66
83a8f84c806793ff9bb4808063637cfd70b7769aa38a599a4cd49fa5ec7391ed
a30d676d5acc7fda0731bf303702f835b002253e12328254da85f286784fad68
baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5

www.baculere.com.br Open in urlscan Pro 187.73.33.66 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

4 Requests

75 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

938 kBTransfer

938 kBSize

0 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

www.baculere.com.br Open in urlscan Pro
187.73.33.66 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

938 kB
Transfer

938 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!