camaramucurici.es.gov.br
Open in
urlscan Pro
192.99.176.52
Malicious Activity!
Public Scan
Submitted URL: https://progressweatherford.com/PILOTCONSTRUCTIONLIENWAIVER/PILOT.htm
Effective URL: https://camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/Main.php?sslchannel=true&sessionid=q3ELyULm8r3qV6AVFoKvgYnGD8...
Submission: On June 27 via manual from IN
Effective URL: https://camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/Main.php?sslchannel=true&sessionid=q3ELyULm8r3qV6AVFoKvgYnGD8...
Submission: On June 27 via manual from IN
Summary
This website contacted 6 IPs
in 3 countries
across 4 domains to perform 27 HTTP transactions.
The main IP is 192.99.176.52, located in
Montreal, Canada and
belongs to OVH, FR.
The main domain is camaramucurici.es.gov.br.
TLS certificate: Issued by Let's Encrypt Authority X3 on June 25th 2019. Valid for: 3 months.
This is the only time camaramucurici.es.gov.br was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on June 25th 2019. Valid for: 3 months.
This is the only time camaramucurici.es.gov.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 63.247.87.2 63.247.87.2 | 11042 (NTHL) (NTHL - NETWORK TRANSIT HOLDINGS LLC) | |
| 1 23 | 192.99.176.52 192.99.176.52 | 16276 (OVH) (OVH) | |
| 2 | 2a02:26f0:6c0... 2a02:26f0:6c00:183::356e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 2a02:26f0:6c0... 2a02:26f0:6c00:28f::356e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 2a02:26f0:6c0... 2a02:26f0:6c00:299::2b57 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 27 | 6 |
1
63.247.87.2
(Spring, United States)
ASN11042 (NTHL - NETWORK TRANSIT HOLDINGS LLC, US)
PTR: ns7.waveservice.com
ASN11042 (NTHL - NETWORK TRANSIT HOLDINGS LLC, US)
PTR: ns7.waveservice.com
| progressweatherford.com |
23
192.99.176.52
(Montreal, Canada)
ASN16276 (OVH, FR)
PTR: ip52.ip-192-99-176.net
ASN16276 (OVH, FR)
PTR: ip52.ip-192-99-176.net
| camaramucurici.es.gov.br |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 23 |
camaramucurici.es.gov.br
1 redirects
camaramucurici.es.gov.br |
2 MB |
| 3 |
microsoft.com
www.microsoft.com uhf.microsoft.com |
23 KB |
| 1 |
s-microsoft.com
c.s-microsoft.com |
34 KB |
| 1 |
progressweatherford.com
progressweatherford.com |
315 B |
| 27 | 4 |
| Domain | Requested by | |
|---|---|---|
| 23 | camaramucurici.es.gov.br |
1 redirects
camaramucurici.es.gov.br
|
| 2 | www.microsoft.com |
camaramucurici.es.gov.br
|
| 1 | uhf.microsoft.com | |
| 1 | c.s-microsoft.com |
camaramucurici.es.gov.br
|
| 1 | progressweatherford.com | |
| 27 | 5 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| progressweatherford.com cPanel, Inc. Certification Authority |
2019-06-12 - 2019-09-10 |
3 months | crt.sh |
| camaramucurici.es.gov.br Let's Encrypt Authority X3 |
2019-06-25 - 2019-09-23 |
3 months | crt.sh |
| www.microsoft.com Microsoft IT TLS CA 4 |
2018-01-16 - 2020-01-16 |
2 years | crt.sh |
| unistore.www.microsoft.com Microsoft IT TLS CA 5 |
2019-04-30 - 2021-04-30 |
2 years | crt.sh |
This page contains 2 frames:
Primary Page:
https://camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/Main.php?sslchannel=true&sessionid=q3ELyULm8r3qV6AVFoKvgYnGD8ex0w6tj1X7rWNnZzmAttx0V0btKYbPw6re3XSkKfupU1ha6dIuTMdol5tauBDNhztXCMngOGEMHk09RPdjyf5GcZ6ABh5UW5scF6Tpsw
Frame ID: 4F643280C7E83D9CA8CB41F876AE1291
Requests: 28 HTTP requests in this frame
Frame:
https://www.microsoft.com/store/buy/cartcount
Frame ID: B836E35732EFB774F693427C0EE216E0
Requests: 2 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://progressweatherford.com/PILOTCONSTRUCTIONLIENWAIVER/PILOT.htm Page URL
-
https://camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive
HTTP 301
https://camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/ Page URL
- https://camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/Main.php?sslchannel=true&sessionid=q3ELyU... Page URL
Detected technologies
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://progressweatherford.com/PILOTCONSTRUCTIONLIENWAIVER/PILOT.htm Page URL
-
https://camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive
HTTP 301
https://camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/ Page URL
- https://camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/Main.php?sslchannel=true&sessionid=q3ELyULm8r3qV6AVFoKvgYnGD8ex0w6tj1X7rWNnZzmAttx0V0btKYbPw6re3XSkKfupU1ha6dIuTMdol5tauBDNhztXCMngOGEMHk09RPdjyf5GcZ6ABh5UW5scF6Tpsw Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive HTTP 301
- https://camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/
27 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
PILOT.htm
progressweatherford.com/PILOTCONSTRUCTIONLIENWAIVER/ |
110 B 315 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
 Cookie set
/
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/ Redirect Chain
|
253 B 633 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
Main.php
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/ |
365 KB 365 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
62-186d68.css
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
146 KB 146 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
override.css
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mscc-0.css
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
knockout-699241a9.js
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
64 KB 65 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
home-768b7a22.js
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
462 KB 462 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
home.js
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
42 KB 42 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
homeappfonts-6650743a.js
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
188 KB 188 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
aria-4cf8a7e2.js
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
45 KB 46 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-2.js
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
84 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
18-d72213
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
125 KB 125 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
meversion
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
11 KB 12 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mscc-0.js
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
3 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
RE1Mu3b.png
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hero_devices.svg
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
19 KB 19 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
feature_any_device.svg
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
2 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
feature_offline_access.svg
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
2 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
feature_safety.svg
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
2 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sidekick_share.svg
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
16 KB 16 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
cartcount.htm
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ Frame B836 |
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hero_clouds.svg
camaramucurici.es.gov.br/PILOTCONSTRUCTIONLIENWAIV/onedrive/assets/files/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
34 KB 34 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mwfmdl2-v3.07.woff
www.microsoft.com/mwf/_h/v3.07/mwf.app/fonts/ |
22 KB 22 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
31 KB 31 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
41 KB 41 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ |
33 KB 34 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
_log
uhf.microsoft.com/ |
0 130 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cartcount
www.microsoft.com/store/buy/ Frame B836 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery object| mscc object| $Config object| FilesConfig object| Homepage object| ko undefined| __extends undefined| __assign object| clienttelemetry_build object| Microsoft object| sct object| microsoft object| MSA object| MeControl function| MejQuery object| msCommonShell0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
c.s-microsoft.com
camaramucurici.es.gov.br
progressweatherford.com
uhf.microsoft.com
www.microsoft.com
192.99.176.52
2a02:26f0:6c00:183::356e
2a02:26f0:6c00:28f::356e
2a02:26f0:6c00:299::2b57
63.247.87.2
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
07ec698b1036cdfbb8892f02d9510f5f671284fca9fa003b883996da040a444b
0bbca5b14608c41882bc8a6dae980570d0f8cc5ba0cb0a3a3ff5b35dca1ac8d8
0eb11b8b06cfff42c15fd64bb74239354cfa81461564aa003345101d67bfdebd
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
18358aa54fce839170c866cd5b28b3e7671e5f81490d4eee29c40cd45e3448ef
1d5dc6065e67ab6eae9d9a9b1fbc3938b1c54dc5cb2545fde23192feed6bbee2
25d54c7f30dc7b1fc88f6dc032a9087044a20165f4aee9350d05ca7ef98d481d
28c68fd8c3d21374261e3a1cd672aa551f01c0b04c2f49c1b53df95f6d1cdd7b
35211f76c4c35c17f2649b96868c0d691f1d78b107f7635d22619948d0ee6880
3711ba98ca34a5bc5ce6b79de62a1a2eee453f413d2123e912d1ae6b0b0c8b33
3d8a9440c1cc7c677f56ec1869ac1cd7c36851dfb9430b7d554137bdb5a75387
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
687738f7d943a2e5d33eab6a13ae98357a9fe9400f5991a69b08caa4b5e56bf6
76185d054aca425130d7880b95c18d19248e4574a1b3af612ebf2af2a207241a
7f31cbb16dd8190854789bd1b43f15ae60940fb79afbb7cfbef664e12f8a247c
837b394c26a196d6c3b6b4e7a9a9dd1520a82e6d29ec514572ad01b5bb148955
977d596ae10ea77c6a86e0a6687ffb03a6a348685af7dd60370b611c426792f9
99683519a4dcf1bcdcf5558a5ff5726f67590d817055109e4a63e98ade64c554
9c64321700fa3868516e4b8e548c3e5a1e3d578dda40fa4e27244a4547f977c8
a02b5e3efc0b512896ba254241100307fd00dc912576f41b0e51a102dd180fa7
b78743ed48fd00f747c5cbc9150699382f8d594f985de557f7fac77bf954986e
be9f210fa202840034cf6dfaf9b54ba543eca56fe82534a077df3fec37812d48
c87516d7dd7077edd467f5b7b085b035cd4803ecf049670ab19de004e270aba8
c8fc143d2edd34c4e596e314502bfe107fc5cfedaf017a65f3413423e5a58e98
cf604d2accb6695c829fea9a75baf2d865f5c765285769427caf0757544a2f65
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7d8490eda4c512afb94e2609816b9b14490531a8a0a6a470819f1d2d6f52b0a