r3sistemas.com.br Open in urlscan Pro
192.163.203.125 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://x.co/6nZkV
Effective URL:
https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C...
Submission: On November 29 via manual (November 29th 2018, 3:46:44 pm UTC) from US

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 192.163.203.125, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is r3sistemas.com.br.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 16th 2018. Valid for: 3 months.

This is the only time r3sistemas.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	45.40.140.1 45.40.140.1	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
2 2	77.55.252.7 77.55.252.7	15967 (NAZWA) (NAZWA)
1 11	192.163.203.125 192.163.203.125	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer)
10	1

1 45.40.140.1 (Scottsdale, United States) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-45-40-140-1.ip.secureserver.net

x.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.55.252.7 (Poland) 2 redirects

ASN15967 (NAZWA, PL)
PTR: s3.o12.pl

zsebrzeg.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 192.163.203.125 (Provo, United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: srv.publicidadegoiania.com.br

r3sistemas.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	r3sistemas.com.br 1 redirects r3sistemas.com.br	484 KB
2	zsebrzeg.pl 2 redirects zsebrzeg.pl	578 B
1	x.co 1 redirects x.co	97 B
10	3

	Domain	Requested by
11	r3sistemas.com.br	1 redirects r3sistemas.com.br
2	zsebrzeg.pl	2 redirects
1	x.co	1 redirects
10	3

This site contains no links.

Subject Issuer	Validity	Valid
r3sistemas.com.br Let's Encrypt Authority X3	`2018-10-16` - `2019-01-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
Frame ID: CC8B250173296180E60BBE9830E33102
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://x.co/6nZkV HTTP 302
http://zsebrzeg.pl/image?id=officer HTTP 301
http://zsebrzeg.pl/image/?id=officer HTTP 302
https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/ HTTP 302
https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

483 kB
Transfer

483 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://x.co/6nZkV HTTP 302
http://zsebrzeg.pl/image?id=officer HTTP 301
http://zsebrzeg.pl/image/?id=officer HTTP 302
https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/ HTTP 302
https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request vu7tjguiyzs1gvna75gedco8.php Show response
r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/
Redirect Chain

https://x.co/6nZkV
http://zsebrzeg.pl/image?id=officer
http://zsebrzeg.pl/image/?id=officer
https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/
https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&...

4 KB
2 KB

194ms
194ms

Document
text/html

192.163.203.125
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL

https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.163.203.125 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),

Reverse DNS

srv.publicidadegoiania.com.br

Software

Apache / PHP/5.6.38

Resource Hash

d468d1118fb1182dde01cb152aae4983dcbd9f36f37288a2630c54b1c20c4ce1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Host: r3sistemas.com.br
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=2deb030337d1700e08bbcd218266bd2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 29 Nov 2018 15:46:22 GMT
Server: Apache
X-Powered-By: PHP/5.6.38
Cache-Control: max-age=0, no-transform
Expires: Thu, 29 Nov 2018 15:46:22 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-UA-Compatible: IE=edge
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Content-Type-Options: nosniff
Content-Length: 1657
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Thu, 29 Nov 2018 15:46:22 GMT
Server: Apache
X-Powered-By: PHP/5.6.38
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 no-transform
Pragma: no-cache
Set-Cookie: PHPSESSID=2deb030337d1700e08bbcd218266bd2f; path=/
Location: vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
X-UA-Compatible: IE=edge
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Content-Type-Options: nosniff
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK home.css
r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/css/ 3 KB
1 KB 191ms
190ms Stylesheet
text/css 192.163.203.125
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL

https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/css/home.css

Requested by

Host: r3sistemas.com.br
URL: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.163.203.125 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),

Reverse DNS

srv.publicidadegoiania.com.br

Software

Apache /

Resource Hash

53e69e5e65f53970ccf1959d625d95efe3509ad84de362bc3ba36148aa27392d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: r3sistemas.com.br
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
Cookie: PHPSESSID=2deb030337d1700e08bbcd218266bd2f
Connection: keep-alive
Cache-Control: no-cache
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 29 Nov 2018 15:46:22 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Jun 2018 08:50:12 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=31536000, no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=5, max=98
Content-Length: 936
Expires: Fri, 29 Nov 2019 15:46:22 GMT

GET
H/1.1 200
OK 1.png
r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/ 33 KB
33 KB 382ms
190ms Image
image/png 192.163.203.125
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/1.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.163.203.125 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),

Reverse DNS

srv.publicidadegoiania.com.br

Software

Apache /

Resource Hash

2198157d1ee29b8b6957684b737d654250088e91cb08abe71d4de7f52b108646

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: r3sistemas.com.br
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
Cookie: PHPSESSID=2deb030337d1700e08bbcd218266bd2f
Connection: keep-alive
Cache-Control: no-cache
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 29 Nov 2018 15:46:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 01 Feb 2018 18:30:16 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=2592000, no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=5, max=97
Content-Length: 33334
Expires: Sat, 29 Dec 2018 15:46:23 GMT

GET
H/1.1 200
OK 2.png
r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/ 140 KB
140 KB 831ms
233ms Image
image/png 192.163.203.125
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/2.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.163.203.125 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),

Reverse DNS

srv.publicidadegoiania.com.br

Software

Apache /

Resource Hash

e6a943aa5dd7f7123ffbea4a068250a8d8f9131b48814c288abcbd4d0aba86e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: r3sistemas.com.br
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
Cookie: PHPSESSID=2deb030337d1700e08bbcd218266bd2f
Connection: keep-alive
Cache-Control: no-cache
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 29 Nov 2018 15:46:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Jun 2018 10:47:28 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=2592000, no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=5, max=100
Content-Length: 142982
Expires: Sat, 29 Dec 2018 15:46:23 GMT

GET
H/1.1 200
OK 3.png
r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/ 116 KB
117 KB 610ms
206ms Image
image/png 192.163.203.125
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/3.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.163.203.125 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),

Reverse DNS

srv.publicidadegoiania.com.br

Software

Apache /

Resource Hash

0677b0bd86269dfb4078afd96b5ae78cb3ae8d2c9bcbe5eea33aaffc809732d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: r3sistemas.com.br
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
Cookie: PHPSESSID=2deb030337d1700e08bbcd218266bd2f
Connection: keep-alive
Cache-Control: no-cache
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 29 Nov 2018 15:46:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 01 Feb 2018 18:30:16 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=2592000, no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=5, max=100
Content-Length: 118907
Expires: Sat, 29 Dec 2018 15:46:23 GMT

GET
H/1.1 200
OK 4.png
r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/ 185 KB
185 KB 640ms
230ms Image
image/png 192.163.203.125
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/4.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.163.203.125 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),

Reverse DNS

srv.publicidadegoiania.com.br

Software

Apache /

Resource Hash

f26462d064118c9b7d78a5b023f74b1f9bb653e0ce0720e428be19fea1a3427f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: r3sistemas.com.br
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
Cookie: PHPSESSID=2deb030337d1700e08bbcd218266bd2f
Connection: keep-alive
Cache-Control: no-cache
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 29 Nov 2018 15:46:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 01 Feb 2018 18:30:16 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=2592000, no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=5, max=100
Content-Length: 189081
Expires: Sat, 29 Dec 2018 15:46:23 GMT

GET
H/1.1 200
OK 6.png
r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/ 465 B
927 B 752ms
206ms Image
image/png 192.163.203.125
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/6.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.163.203.125 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),

Reverse DNS

srv.publicidadegoiania.com.br

Software

Apache /

Resource Hash

b45ab79e4a9484f17682afa7bd6cb13d2d19d5714614652b70e30b720a7a0dea

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: r3sistemas.com.br
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
Cookie: PHPSESSID=2deb030337d1700e08bbcd218266bd2f
Connection: keep-alive
Cache-Control: no-cache
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 29 Nov 2018 15:46:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 01 Feb 2018 18:30:14 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=2592000, no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=5, max=96
Content-Length: 465
Expires: Sat, 29 Dec 2018 15:46:23 GMT

GET
H/1.1 200
OK 7.png
r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/ 358 B
820 B 943ms
190ms Image
image/png 192.163.203.125
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/7.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.163.203.125 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),

Reverse DNS

srv.publicidadegoiania.com.br

Software

Apache /

Resource Hash

09b648b79d47694cad6a6a94b2b7758f5bdbd09c1b1e7bf81b30c4a135631e2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: r3sistemas.com.br
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
Cookie: PHPSESSID=2deb030337d1700e08bbcd218266bd2f
Connection: keep-alive
Cache-Control: no-cache
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 29 Nov 2018 15:46:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 01 Feb 2018 18:30:16 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=2592000, no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=5, max=95
Content-Length: 358
Expires: Sat, 29 Dec 2018 15:46:23 GMT

GET
H/1.1 200
OK 5.png
r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/ 2 KB
2 KB 2196ms
1867ms Image
image/png 192.163.203.125
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/5.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.163.203.125 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),

Reverse DNS

srv.publicidadegoiania.com.br

Software

Apache /

Resource Hash

00ced541e81e6600003455e31f510dc530d2bc304292fe0e5bb8ad4ea96d8c7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: r3sistemas.com.br
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
Cookie: PHPSESSID=2deb030337d1700e08bbcd218266bd2f
Connection: keep-alive
Cache-Control: no-cache
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 29 Nov 2018 15:46:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 01 Feb 2018 18:30:16 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=2592000, no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=5, max=100
Content-Length: 1921
Expires: Sat, 29 Dec 2018 15:46:23 GMT

GET
H/1.1 200
OK 13.png
r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/ 401 B
864 B 5267ms
4906ms Image
image/png 192.163.203.125
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/repo/img/13.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.163.203.125 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),

Reverse DNS

srv.publicidadegoiania.com.br

Software

Apache /

Resource Hash

0a30956d43221ed177bc7c8b0b18a004112df1e32bb12f4562a5ba6c1418803c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: r3sistemas.com.br
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
Cookie: PHPSESSID=2deb030337d1700e08bbcd218266bd2f
Connection: keep-alive
Cache-Control: no-cache
Referer: https://r3sistemas.com.br/ternplate/voicenote-microsoft-outlookoffice365/vu7tjguiyzs1gvna75gedco8.php?client_id=936B43199C5D3C1B82630FB6BE982B1B&response_mode=form_post&response_type=code+id_token&scope=openid+profile&cid=&Connect_Authentication_Properties&&nonce=983662892936b43199c5d3c1b82630fb6be982b1b&redirect_uri=&ui_locales=en-US&mkt=en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 29 Nov 2018 15:46:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 01 Feb 2018 18:30:16 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=2592000, no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=5, max=100
Content-Length: 401
Expires: Sat, 29 Dec 2018 15:46:23 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| unhideBody

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

r3sistemas.com.br
x.co
zsebrzeg.pl
192.163.203.125
45.40.140.1
77.55.252.7
00ced541e81e6600003455e31f510dc530d2bc304292fe0e5bb8ad4ea96d8c7c
0677b0bd86269dfb4078afd96b5ae78cb3ae8d2c9bcbe5eea33aaffc809732d8
09b648b79d47694cad6a6a94b2b7758f5bdbd09c1b1e7bf81b30c4a135631e2a
0a30956d43221ed177bc7c8b0b18a004112df1e32bb12f4562a5ba6c1418803c
2198157d1ee29b8b6957684b737d654250088e91cb08abe71d4de7f52b108646
53e69e5e65f53970ccf1959d625d95efe3509ad84de362bc3ba36148aa27392d
b45ab79e4a9484f17682afa7bd6cb13d2d19d5714614652b70e30b720a7a0dea
d468d1118fb1182dde01cb152aae4983dcbd9f36f37288a2630c54b1c20c4ce1
e6a943aa5dd7f7123ffbea4a068250a8d8f9131b48814c288abcbd4d0aba86e0
f26462d064118c9b7d78a5b023f74b1f9bb653e0ce0720e428be19fea1a3427f

r3sistemas.com.br Open in urlscan Pro 192.163.203.125 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

1 IPs

2 Countries

483 kBTransfer

483 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

r3sistemas.com.br Open in urlscan Pro
192.163.203.125 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

483 kB
Transfer

483 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!