qual-vet.com.br Open in urlscan Pro
2606:4700:3035::ac43:a3bc Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://qual-vet.com.br/santalines/trackingreference?auth/track
Submission: On May 10 via automatic, source phishtank (May 10th 2021, 4:18:56 am UTC)

Summary HTTP 11 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 2606:4700:3035::ac43:a3bc, located in United States and belongs to CLOUDFLARENET, US. The main domain is qual-vet.com.br.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 20th 2020. Valid for: a year.

This is the only time qual-vet.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address		AS Autonomous System
11	2606:4700:303... 2606:4700:3035::ac43:a3bc		13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2

11 2606:4700:3035::ac43:a3bc (United States)

ASN13335 (CLOUDFLARENET, US)

qual-vet.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	qual-vet.com.br qual-vet.com.br	574 KB
11	1

	Domain	Requested by
11	qual-vet.com.br	qual-vet.com.br
11	1

This site contains links to these domains. Also see Links.

Domain
track.dhlparcel.co.uk
www.youtube.com
www.facebook.com
www.linkedin.com
www.instagram.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-20` - `2021-07-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://qual-vet.com.br/santalines/trackingreference?auth/track
Frame ID: BB0120BCA4618B7EB01D795AE6482C8C
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

11
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

777 kB
Transfer

1612 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://track.dhlparcel.co.uk/?utm_source=dhl.com&utm_medium=tracking
Title: Go to DHL Parcel UK Tracking

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/dhl
Title: Visit us on

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dhl
Title: Visit us on

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/dhl
Title: Visit us on

Search URL Search Domain Scan URL

URL: https://www.instagram.com/dhl_global/
Title: Visit us on

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
13 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request trackingreference Show response qual-vet.com.br/santalines/	1 MB 574 KB	478ms 462ms	Document text/html	2606:4700:3035::ac43:a3bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://qual-vet.com.br/santalines/trackingreference?auth/track Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:a3bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `713bea4c4f383c018195612ff1f0c57b0b163a0d6fb43053d656295f0e0a74a5` Request headers :method GET :authority qual-vet.com.br :scheme https :path /santalines/trackingreference?auth/track pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 10 May 2021 04:18:37 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d7c12a37059896f9c6178a165e0c6192e1620620317; expires=Wed, 09-Jun-21 04:18:37 GMT; path=/; domain=.qual-vet.com.br; HttpOnly; SameSite=Lax; Secure cf-cache-status DYNAMIC cf-request-id 09f618aa2a00004eaa8c2ad000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=P2uMiD%2FxIw5zt9ayAyqVrx0JWVMLYUT0C1g0FBDFrRap6imAnDVbdIQTJzrH0oVZJkK6EV%2BbdT45diOacNdPWWlGqxh%2BGzH8KWM%2FBLsZy%2BzlqsfaI9FmoGJgmPo%3D"}],"group":"cf-nel","max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 64d05d56ab894eaa-FRA content-encoding br alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3-29	404	bundle.42d05e577ad02daf36f0f37173cd30b9.css qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/css/	0 0	26ms 16ms	Stylesheet text/html	2606:4700:3035::ac43:a3bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/css/bundle.42d05e577ad02daf36f0f37173cd30b9.css Requested by Host: qual-vet.com.br URL: https://qual-vet.com.br/santalines/trackingreference?auth/track Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:a3bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-fetch-mode cors origin https://qual-vet.com.br accept-encoding gzip, deflate, br accept-language en-US sec-fetch-dest style cookie __cfduid=d7c12a37059896f9c6178a165e0c6192e1620620317 :path /etc/clientlibs/dhl/clientlib-all/css/bundle.42d05e577ad02daf36f0f37173cd30b9.css pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority qual-vet.com.br referer https://qual-vet.com.br/santalines/trackingreference?auth/track :scheme https sec-fetch-site same-origin :method GET Origin https://qual-vet.com.br Referer https://qual-vet.com.br/santalines/trackingreference?auth/track User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 10 May 2021 04:18:37 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} server cloudflare age 8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VRvqWIoq%2BvmLK8dKSVnRMl1vAjqNFidZclS%2Bl4C4D3ZPgDz04qND8TuuR90P9IEm%2BQtriYfGB3ggA%2BhC5eztuQXivfXTOfDo1nQ1kAI%2Bkz760xzhpNn3V8YLzQw%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=2678400 cf-ray 64d05d59aa704e50-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09f618ac0500004e5091a26000000001
GET H3-29	404	03f859bf58e4d37841070de34be7d978.woff qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/	0 0	27ms 18ms	Font text/html	2606:4700:3035::ac43:a3bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/03f859bf58e4d37841070de34be7d978.woff Requested by Host: qual-vet.com.br URL: https://qual-vet.com.br/santalines/trackingreference?auth/track Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:a3bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-fetch-mode cors origin https://qual-vet.com.br accept-encoding gzip, deflate, br accept-language en-US sec-fetch-dest font cookie __cfduid=d7c12a37059896f9c6178a165e0c6192e1620620317 :path /etc/clientlibs/dhl/clientlib-all/assets/fonts/03f859bf58e4d37841070de34be7d978.woff pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept / cache-control no-cache :authority qual-vet.com.br referer https://qual-vet.com.br/santalines/trackingreference?auth/track :scheme https sec-fetch-site same-origin :method GET Origin https://qual-vet.com.br Referer https://qual-vet.com.br/santalines/trackingreference?auth/track User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 10 May 2021 04:18:37 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} server cloudflare age 8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aBC4C%2FNa31ZnY%2BqOuANwdkTI6ETRe9BXi6rgMfZO4poKyl8FGAapmTMgULiDVI1WBpuvihpKluE0348BBqtlXljotrn0bM9J6%2F0i9d%2FHfHjP3L4m8gqaCdsR%2BVM%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=2678400 cf-ray 64d05d59aa714e50-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09f618ac0600004e50b5188000000001
GET H3-29	404	4a350e02a03ac62e72e9ea575b31ce84.woff qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/	0 0	24ms 15ms	Font text/html	2606:4700:3035::ac43:a3bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/4a350e02a03ac62e72e9ea575b31ce84.woff Requested by Host: qual-vet.com.br URL: https://qual-vet.com.br/santalines/trackingreference?auth/track Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:a3bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-fetch-mode cors origin https://qual-vet.com.br accept-encoding gzip, deflate, br accept-language en-US sec-fetch-dest font cookie __cfduid=d7c12a37059896f9c6178a165e0c6192e1620620317 :path /etc/clientlibs/dhl/clientlib-all/assets/fonts/4a350e02a03ac62e72e9ea575b31ce84.woff pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept / cache-control no-cache :authority qual-vet.com.br referer https://qual-vet.com.br/santalines/trackingreference?auth/track :scheme https sec-fetch-site same-origin :method GET Origin https://qual-vet.com.br Referer https://qual-vet.com.br/santalines/trackingreference?auth/track User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 10 May 2021 04:18:37 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} server cloudflare age 8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=p4XntygLpO2XfjsfXvN%2BrCvSF0iBtBtXbb8cCdjuw9Sv0Bk3zINJeuIY3TethZQ96ACkhGa1D7vPoG6NtULIQQUxlw%2F3ntURJCFk49HdWdzkqRMHmyPFK25gM7Q%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=2678400 cf-ray 64d05d59aa744e50-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09f618ac0600004e508034a000000001
GET H3-29	404	4e23ecf085132857bdb54b4da7373151.woff qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/	0 0	23ms 14ms	Font text/html	2606:4700:3035::ac43:a3bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/4e23ecf085132857bdb54b4da7373151.woff Requested by Host: qual-vet.com.br URL: https://qual-vet.com.br/santalines/trackingreference?auth/track Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:a3bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-fetch-mode cors origin https://qual-vet.com.br accept-encoding gzip, deflate, br accept-language en-US sec-fetch-dest font cookie __cfduid=d7c12a37059896f9c6178a165e0c6192e1620620317 :path /etc/clientlibs/dhl/clientlib-all/assets/fonts/4e23ecf085132857bdb54b4da7373151.woff pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept / cache-control no-cache :authority qual-vet.com.br referer https://qual-vet.com.br/santalines/trackingreference?auth/track :scheme https sec-fetch-site same-origin :method GET Origin https://qual-vet.com.br Referer https://qual-vet.com.br/santalines/trackingreference?auth/track User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 10 May 2021 04:18:37 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} server cloudflare age 8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZC9ecZASEvUYTWsX%2Bhh19D5SD9xfvj%2Fk8cXnrQmeZPQPA0jD%2Fj6%2BjDAWAVpM8gvbJvcXYGZ%2BNK%2BWCmzCln0Zvf2QM062d3vk5Woxb2u2ZchVOhyDY3mcmNRvs%2Bo%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=2678400 cf-ray 64d05d59aa754e50-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09f618ac0600004e50153bc000000001
GET H3-29	404	5132a7ca80ea9e18ec8cecc618cf5a0b.woff qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/	0 0	22ms 13ms	Font text/html	2606:4700:3035::ac43:a3bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/5132a7ca80ea9e18ec8cecc618cf5a0b.woff Requested by Host: qual-vet.com.br URL: https://qual-vet.com.br/santalines/trackingreference?auth/track Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:a3bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-fetch-mode cors origin https://qual-vet.com.br accept-encoding gzip, deflate, br accept-language en-US sec-fetch-dest font cookie __cfduid=d7c12a37059896f9c6178a165e0c6192e1620620317 :path /etc/clientlibs/dhl/clientlib-all/assets/fonts/5132a7ca80ea9e18ec8cecc618cf5a0b.woff pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept / cache-control no-cache :authority qual-vet.com.br referer https://qual-vet.com.br/santalines/trackingreference?auth/track :scheme https sec-fetch-site same-origin :method GET Origin https://qual-vet.com.br Referer https://qual-vet.com.br/santalines/trackingreference?auth/track User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 10 May 2021 04:18:37 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} server cloudflare age 8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UJRzauV0PP1JSVIMt0mH4WZ21PSrWRfFmVtoH7IF7Hl0Z2GtmPG1NT7QkGDUUJjVcZn7VQG3YiIewxFP9GIHXeMrLKgG%2FNYf7U6OyBXUpcsE1dXUnoF8VZ3iWyI%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=2678400 cf-ray 64d05d59aa764e50-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09f618ac0600004e50e5158000000001
GET H3-29	404	5344c951fb831328c1d467dc06f04e60.woff qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/	0 0	27ms 18ms	Font text/html	2606:4700:3035::ac43:a3bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/5344c951fb831328c1d467dc06f04e60.woff Requested by Host: qual-vet.com.br URL: https://qual-vet.com.br/santalines/trackingreference?auth/track Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:a3bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-fetch-mode cors origin https://qual-vet.com.br accept-encoding gzip, deflate, br accept-language en-US sec-fetch-dest font cookie __cfduid=d7c12a37059896f9c6178a165e0c6192e1620620317 :path /etc/clientlibs/dhl/clientlib-all/assets/fonts/5344c951fb831328c1d467dc06f04e60.woff pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept / cache-control no-cache :authority qual-vet.com.br referer https://qual-vet.com.br/santalines/trackingreference?auth/track :scheme https sec-fetch-site same-origin :method GET Origin https://qual-vet.com.br Referer https://qual-vet.com.br/santalines/trackingreference?auth/track User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 10 May 2021 04:18:37 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} server cloudflare age 8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MrCFc7%2ByzlogdJcnFIQvv7oUDhPyOInrlsR35%2F659yDay18NenrVhq6u%2BjaoTMAAXikRYuFoWxeIE675ZIeo%2BJOATFM2JSGSXKV3Kd5YHnn1XWMtikkpcYbggLE%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=2678400 cf-ray 64d05d59aa774e50-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09f618ac0600004e50d3833000000001
GET H3-29	404	67dd9346877fd6c6a83d3ce92d6a8adf.woff qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/	0 0	25ms 16ms	Font text/html	2606:4700:3035::ac43:a3bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/67dd9346877fd6c6a83d3ce92d6a8adf.woff Requested by Host: qual-vet.com.br URL: https://qual-vet.com.br/santalines/trackingreference?auth/track Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:a3bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-fetch-mode cors origin https://qual-vet.com.br accept-encoding gzip, deflate, br accept-language en-US sec-fetch-dest font cookie __cfduid=d7c12a37059896f9c6178a165e0c6192e1620620317 :path /etc/clientlibs/dhl/clientlib-all/assets/fonts/67dd9346877fd6c6a83d3ce92d6a8adf.woff pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept / cache-control no-cache :authority qual-vet.com.br referer https://qual-vet.com.br/santalines/trackingreference?auth/track :scheme https sec-fetch-site same-origin :method GET Origin https://qual-vet.com.br Referer https://qual-vet.com.br/santalines/trackingreference?auth/track User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 10 May 2021 04:18:37 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} server cloudflare age 8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1Y%2FzZC9DdwnFl7wH88IrgUfnu%2Ba00i5cN3wcvu3cKeo1NGIijNQvF9j5LhKvNMHvo51wa0HjV%2BMOWUCjAfrG3djRoOT7o%2B0FeyZPGyAOTTFuMEvN7QfKusB8VWU%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=2678400 cf-ray 64d05d59aa784e50-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09f618ac0700004e507db93000000001
GET H3-29	404	c2d3739d2debffea340a58b7b8ab3c61.woff qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/	0 0	24ms 15ms	Font text/html	2606:4700:3035::ac43:a3bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/c2d3739d2debffea340a58b7b8ab3c61.woff Requested by Host: qual-vet.com.br URL: https://qual-vet.com.br/santalines/trackingreference?auth/track Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:a3bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-fetch-mode cors origin https://qual-vet.com.br accept-encoding gzip, deflate, br accept-language en-US sec-fetch-dest font cookie __cfduid=d7c12a37059896f9c6178a165e0c6192e1620620317 :path /etc/clientlibs/dhl/clientlib-all/assets/fonts/c2d3739d2debffea340a58b7b8ab3c61.woff pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept / cache-control no-cache :authority qual-vet.com.br referer https://qual-vet.com.br/santalines/trackingreference?auth/track :scheme https sec-fetch-site same-origin :method GET Origin https://qual-vet.com.br Referer https://qual-vet.com.br/santalines/trackingreference?auth/track User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 10 May 2021 04:18:37 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} server cloudflare age 8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FOrGNLtd1JYQIqkGWdCh4as%2Blpr74H%2Fu%2BRMGmrU6ZUWe2XMtyT3JjLjZG%2BNP3vTvdZ7KEtSRirzzN0WZbNWkRRPrne8nbx0bVvT2h9ZtDyEI2J0nRMLqQC6GXhE%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=2678400 cf-ray 64d05d59aa7a4e50-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09f618ac0700004e500d15a000000001
GET H3-29	404	d2c082a9f78e61ea7ccefecaca4da8a3.woff qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/	0 0	23ms 14ms	Font text/html	2606:4700:3035::ac43:a3bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/d2c082a9f78e61ea7ccefecaca4da8a3.woff Requested by Host: qual-vet.com.br URL: https://qual-vet.com.br/santalines/trackingreference?auth/track Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:a3bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-fetch-mode cors origin https://qual-vet.com.br accept-encoding gzip, deflate, br accept-language en-US sec-fetch-dest font cookie __cfduid=d7c12a37059896f9c6178a165e0c6192e1620620317 :path /etc/clientlibs/dhl/clientlib-all/assets/fonts/d2c082a9f78e61ea7ccefecaca4da8a3.woff pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept / cache-control no-cache :authority qual-vet.com.br referer https://qual-vet.com.br/santalines/trackingreference?auth/track :scheme https sec-fetch-site same-origin :method GET Origin https://qual-vet.com.br Referer https://qual-vet.com.br/santalines/trackingreference?auth/track User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 10 May 2021 04:18:37 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} server cloudflare age 8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HT8sSR60CUXBkJ%2FuAWS%2BWlmltxB1QulSPWpcxsFysEQhJQ9sISUiPpwhqqbQ%2BkAXF57mkPlELWWdHZEycJF9tUT2%2BdkKqYQEsHRWbEL5bcgzSS4a10U%2FW2gnbb4%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=2678400 cf-ray 64d05d59aa7b4e50-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09f618ac0700004e507db94000000001
GET H3-29	404	e39bd2e2657ce5dd6f9c33df18529233.woff qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/	0 0	25ms 16ms	Font text/html	2606:4700:3035::ac43:a3bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://qual-vet.com.br/etc/clientlibs/dhl/clientlib-all/assets/fonts/e39bd2e2657ce5dd6f9c33df18529233.woff Requested by Host: qual-vet.com.br URL: https://qual-vet.com.br/santalines/trackingreference?auth/track Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:a3bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-fetch-mode cors origin https://qual-vet.com.br accept-encoding gzip, deflate, br accept-language en-US sec-fetch-dest font cookie __cfduid=d7c12a37059896f9c6178a165e0c6192e1620620317 :path /etc/clientlibs/dhl/clientlib-all/assets/fonts/e39bd2e2657ce5dd6f9c33df18529233.woff pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept / cache-control no-cache :authority qual-vet.com.br referer https://qual-vet.com.br/santalines/trackingreference?auth/track :scheme https sec-fetch-site same-origin :method GET Origin https://qual-vet.com.br Referer https://qual-vet.com.br/santalines/trackingreference?auth/track User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 10 May 2021 04:18:37 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} server cloudflare age 8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bSORuhAFb1DoOtbIdplpLK5LfXMhZ9YboUZc84S5mJNz6V03nX%2B9rHGmkI3VsAMC3wd0z%2BxG5E7VsqeHGwFJshCSgzE6jafVuB6xkr7j0%2FXIN3MZ0LzVKjjXmgM%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=2678400 cf-ray 64d05d59aa7c4e50-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09f618ac0700004e50f8b2e000000001
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	51 KB 51 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `db154e472ec01a2a6a45576e0e382f42622dd0ec306c1dd594a4090a8b3aa45e` Request headers Origin https://qual-vet.com.br Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	9 KB 9 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `25872db2d1c2c6b58c76ab41bf171906a23078982e363d9bcbce89d61a53a025` Request headers Origin https://qual-vet.com.br Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	47 KB 47 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d8f8520f4c4489713db3fddc7871e7ff437bfb1d9bf13210c6c5bffbd6697a61` Request headers Origin https://qual-vet.com.br Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	48 KB 48 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `254cf231aeb12fa55b835a27e3a065fbdca885e532b1ad1ecaca8337ce996910` Request headers Origin https://qual-vet.com.br Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	35 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4b621cd4ccf986847c5f640d6ab7a713e3355bdd9e1510ccc97d09f150f5955f` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	53 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8da3c9b02ef69da302a40a822adcfa050b0341291124953194341e718808d4e4` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	12 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5162de2ee844a80d76b7d7514c02ab7d5de72a5966113323d80eb56bf6ded038` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `acd3eaf2b608fb48f9915964c36772b322ad91106508c4490e2a72122db4d347` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `43027752f5a04142e6518a4fd8ef54e7e73cfba7820da9c03c1ad38835f04fe2` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c32f1a0f5b093b6b2c8f5df0bf93856359769ee6bbab40975043cd133711d528` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	48 KB 48 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `09c684a161aed10b05b23225ed6b67e8270389ef1e2d58b111b53eb1b4165f82` Request headers Origin https://qual-vet.com.br Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	4 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f01c2e1870fcd75ceca3b4c42c3110cb0aa4b933b562cf3d2c7ddd20ce03c7ee` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.qual-vet.com.br/	1970-01-19 18:53:32	Name: __cfduid Value: d7c12a37059896f9c6178a165e0c6192e1620620317

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

qual-vet.com.br
2606:4700:3035::ac43:a3bc
09c684a161aed10b05b23225ed6b67e8270389ef1e2d58b111b53eb1b4165f82
254cf231aeb12fa55b835a27e3a065fbdca885e532b1ad1ecaca8337ce996910
25872db2d1c2c6b58c76ab41bf171906a23078982e363d9bcbce89d61a53a025
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419
43027752f5a04142e6518a4fd8ef54e7e73cfba7820da9c03c1ad38835f04fe2
4b621cd4ccf986847c5f640d6ab7a713e3355bdd9e1510ccc97d09f150f5955f
5162de2ee844a80d76b7d7514c02ab7d5de72a5966113323d80eb56bf6ded038
713bea4c4f383c018195612ff1f0c57b0b163a0d6fb43053d656295f0e0a74a5
8da3c9b02ef69da302a40a822adcfa050b0341291124953194341e718808d4e4
acd3eaf2b608fb48f9915964c36772b322ad91106508c4490e2a72122db4d347
c32f1a0f5b093b6b2c8f5df0bf93856359769ee6bbab40975043cd133711d528
d8f8520f4c4489713db3fddc7871e7ff437bfb1d9bf13210c6c5bffbd6697a61
db154e472ec01a2a6a45576e0e382f42622dd0ec306c1dd594a4090a8b3aa45e
f01c2e1870fcd75ceca3b4c42c3110cb0aa4b933b562cf3d2c7ddd20ce03c7ee

qual-vet.com.br Open in urlscan Pro 2606:4700:3035::ac43:a3bc Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

777 kBTransfer

1612 kBSize

1 Cookies

5 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

1 Cookies

Indicators

qual-vet.com.br Open in urlscan Pro
2606:4700:3035::ac43:a3bc Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

777 kB
Transfer

1612 kB
Size

1
Cookies

11 HTTP transactions
13 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!