urlscan.io logo urlscan.io
SecurityTrails logo

www.ciminogranitosemarmores.com.br Open in urlscan Pro
200.170.192.109  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/step2.php
Submission: On May 30 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 200.170.192.109, located in São Paulo, Brazil and belongs to Telium Telecomunicacoes Ltda, BR. The main domain is www.ciminogranitosemarmores.com.br.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 11th 2020. Valid for: 3 months.
This is the only time www.ciminogranitosemarmores.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BECU Credit Union (Financial)

Domain & IP information

IP Address AS Autonomous System
7 200.170.192.109 11432 (Telium Te...)
7 1
Apex Domain
Subdomains		 Transfer
7 ciminogranitosemarmores.com.br
www.ciminogranitosemarmores.com.br
45 KB
7 1
Domain Requested by
7 www.ciminogranitosemarmores.com.br www.ciminogranitosemarmores.com.br
7 1

This site contains no links.

Subject Issuer Validity Valid
ciminogranitosemarmores.com.br
Let's Encrypt Authority X3		 2020-05-11 -
2020-08-09		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/step2.php
Frame ID: 57DD27A9726C9BAEC24F8791B8ECE0F0
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

45 kB
Transfer

43 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request step2.php
www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/step2.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
200.170.192.109 São Paulo, Brazil, ASN11432 (Telium Telecomunicacoes Ltda, BR),
Reverse DNS
linux08.intercode.com.br
Software
Apache / PHP/7.2.22
Resource Hash
d66078529c130b11f5fae45fc625ca7e1b3dfcee8a927d9d6f28e4401ec5f827
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Host
www.ciminogranitosemarmores.com.br
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 30 May 2020 01:17:11 GMT
Server
Apache
X-Powered-By
PHP/7.2.22
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Cache-Control
max-age=3600
Expires
Sat, 30 May 2020 02:17:11 GMT
Connection
keep-alive, Keep-Alive
Referrer-Policy
no-referrer
X-Frame-Options
sameorigin
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Expect-CT
enforce, max-age=21600
Content-Length
1052
Keep-Alive
timeout=5, max=100
Content-Type
text/html; charset=UTF-8
b1.png
www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/images/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/images/b1.png
Requested by
Host: www.ciminogranitosemarmores.com.br
URL: https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/step2.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
200.170.192.109 São Paulo, Brazil, ASN11432 (Telium Telecomunicacoes Ltda, BR),
Reverse DNS
linux08.intercode.com.br
Software
Apache /
Resource Hash
444c7d4abe3df3ec399bad342faa249adf45a8cbd997516503fa6d393106505c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 30 May 2020 01:17:12 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive, Keep-Alive
Content-Length
11264
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Fri, 18 May 2018 22:54:48 GMT
Server
Apache
Expect-CT
enforce, max-age=21600
X-Frame-Options
sameorigin
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Expires
Mon, 29 Jun 2020 01:17:12 GMT
b4.png
www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/images/ 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/images/b4.png
Requested by
Host: www.ciminogranitosemarmores.com.br
URL: https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/step2.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
200.170.192.109 São Paulo, Brazil, ASN11432 (Telium Telecomunicacoes Ltda, BR),
Reverse DNS
linux08.intercode.com.br
Software
Apache /
Resource Hash
5f67d3a69944909d6ffa1f6bf86b93efa0968c2efb39198e1f52a7f5664e148d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 30 May 2020 01:17:12 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive, Keep-Alive
Content-Length
13499
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Fri, 18 May 2018 22:56:00 GMT
Server
Apache
Expect-CT
enforce, max-age=21600
X-Frame-Options
sameorigin
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Expires
Mon, 29 Jun 2020 01:17:12 GMT
b5.png
www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/images/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/images/b5.png
Requested by
Host: www.ciminogranitosemarmores.com.br
URL: https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/step2.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
200.170.192.109 São Paulo, Brazil, ASN11432 (Telium Telecomunicacoes Ltda, BR),
Reverse DNS
linux08.intercode.com.br
Software
Apache /
Resource Hash
2708994d4a23a64a7ed5d7d5cf3a736a35aca61a3ce7f515cbe10884fbcd6717
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 30 May 2020 01:17:12 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive, Keep-Alive
Content-Length
5437
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Fri, 18 May 2018 22:59:52 GMT
Server
Apache
Expect-CT
enforce, max-age=21600
X-Frame-Options
sameorigin
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Mon, 29 Jun 2020 01:17:12 GMT
b6.png
www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/images/b6.png
Requested by
Host: www.ciminogranitosemarmores.com.br
URL: https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/step2.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
200.170.192.109 São Paulo, Brazil, ASN11432 (Telium Telecomunicacoes Ltda, BR),
Reverse DNS
linux08.intercode.com.br
Software
Apache /
Resource Hash
9ed3a9e9bee7e596871f4fb5eee135dcd15aab848211c47debb6585faba61049
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 30 May 2020 01:17:12 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive, Keep-Alive
Content-Length
2998
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Thu, 09 Aug 2018 19:54:18 GMT
Server
Apache
Expect-CT
enforce, max-age=21600
X-Frame-Options
sameorigin
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Mon, 29 Jun 2020 01:17:12 GMT
b7.png
www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/images/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/images/b7.png
Requested by
Host: www.ciminogranitosemarmores.com.br
URL: https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/step2.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
200.170.192.109 São Paulo, Brazil, ASN11432 (Telium Telecomunicacoes Ltda, BR),
Reverse DNS
linux08.intercode.com.br
Software
Apache /
Resource Hash
e2daad55cc7ba2a53ae2a8ff5ac60cfb104ed77c380e1a6352308b905d1b05c4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 30 May 2020 01:17:12 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive, Keep-Alive
Content-Length
7127
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Fri, 18 May 2018 23:00:52 GMT
Server
Apache
Expect-CT
enforce, max-age=21600
X-Frame-Options
sameorigin
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Mon, 29 Jun 2020 01:17:12 GMT
btn2.png
www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/images/ 		763 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/images/btn2.png
Requested by
Host: www.ciminogranitosemarmores.com.br
URL: https://www.ciminogranitosemarmores.com.br/modules/mod_ariimageslidersa/lub/BECU1/step2.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
200.170.192.109 São Paulo, Brazil, ASN11432 (Telium Telecomunicacoes Ltda, BR),
Reverse DNS
linux08.intercode.com.br
Software
Apache /
Resource Hash
ac4adc60bc522d1373dd064767de4cae33db55da73e0e33535bd683553beec90
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 30 May 2020 01:17:12 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive, Keep-Alive
Content-Length
763
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Fri, 18 May 2018 23:00:40 GMT
Server
Apache
Expect-CT
enforce, max-age=21600
X-Frame-Options
sameorigin
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Mon, 29 Jun 2020 01:17:12 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BECU Credit Union (Financial)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block