lenorepresentacoes.com.br Open in urlscan Pro
162.241.62.116 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ivomarket.ro/ssharing
Effective URL:
https://lenorepresentacoes.com.br/sharing/SHARE/
Submission: On October 21 via manual (October 21st 2022, 4:30:45 pm UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 162.241.62.116, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is lenorepresentacoes.com.br.
TLS certificate: Issued by R3 on September 20th 2022. Valid for: 3 months.

This is the only time lenorepresentacoes.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	93.113.174.50 93.113.174.50	43927 (HOSTERION) (HOSTERION)
1 9	162.241.62.116 162.241.62.116	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
9	2

2 93.113.174.50 (Romania) 1 redirects

ASN43927 (HOSTERION, RO)
PTR: limos.hosterion.net

ivomarket.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 162.241.62.116 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-62-116.unifiedlayer.com

lenorepresentacoes.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	lenorepresentacoes.com.br 1 redirects lenorepresentacoes.com.br	2 MB
2	ivomarket.ro 1 redirects ivomarket.ro	799 B
9	2

	Domain	Requested by
9	lenorepresentacoes.com.br	1 redirects lenorepresentacoes.com.br
2	ivomarket.ro	1 redirects
9	2

This site contains no links.

Subject Issuer	Validity	Valid
*.ivomarket.ro R3	`2022-09-20` - `2022-12-19`	3 months	crt.sh
lenorepresentacoes.com.br R3	`2022-09-20` - `2022-12-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://lenorepresentacoes.com.br/sharing/SHARE/
Frame ID: 9A9D694EC443B0843FDB970F43D811B5
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

File Storage

Page URL History Show full URLs

https://ivomarket.ro/ssharing HTTP 301
https://ivomarket.ro/ssharing/ Page URL
https://lenorepresentacoes.com.br/sharing/SHARE HTTP 301
https://lenorepresentacoes.com.br/sharing/SHARE/ Page URL

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

2542 kB
Transfer

2555 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ivomarket.ro/ssharing HTTP 301
https://ivomarket.ro/ssharing/ Page URL
https://lenorepresentacoes.com.br/sharing/SHARE HTTP 301
https://lenorepresentacoes.com.br/sharing/SHARE/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://ivomarket.ro/ssharing HTTP 301
https://ivomarket.ro/ssharing/

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response ivomarket.ro/ssharing/ Redirect Chain https://ivomarket.ro/ssharing https://ivomarket.ro/ssharing/	145 B 479 B	56ms 56ms	Document text/html	93.113.174.50 HOSTERION
General Check archive.org Show headers Download Go to Full URL https://ivomarket.ro/ssharing/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 93.113.174.50 , Romania, ASN43927 (HOSTERION, RO), Reverse DNS limos.hosterion.net Software nginx / PHP/5.6.40 Resource Hash `30ce2d49242c34d51206d91e58a406fc047a6e65530cd5903df16b0b81b590e7` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding br content-length 126 content-type text/html; charset=UTF-8 date Fri, 21 Oct 2022 16:30:39 GMT server nginx vary Accept-Encoding,User-Agent x-powered-by PHP/5.6.40 x-turbo-charged-by LiteSpeed Redirect headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 707 content-type text/html date Fri, 21 Oct 2022 16:30:39 GMT location https://ivomarket.ro/ssharing/ server nginx vary User-Agent x-turbo-charged-by LiteSpeed
GET H2	200	Primary Request / Show response lenorepresentacoes.com.br/sharing/SHARE/ Redirect Chain https://lenorepresentacoes.com.br/sharing/SHARE https://lenorepresentacoes.com.br/sharing/SHARE/	20 KB 6 KB	1500ms 1499ms	Document text/html	162.241.62.116 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://lenorepresentacoes.com.br/sharing/SHARE/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.62.116 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-62-116.unifiedlayer.com Software Apache / Resource Hash `de52eae6894394e3e27dba00da59da18063c7dc40ab7ca14dcc91e831d6f7317` Request headers Referer https://ivomarket.ro/ssharing/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-headers X-Requested-With access-control-allow-methods GET, POST access-control-allow-origin * cache-control max-age=0 content-encoding gzip content-length 5483 content-type text/html; charset=UTF-8 date Fri, 21 Oct 2022 16:30:41 GMT expires Fri, 21 Oct 2022 16:30:41 GMT server Apache vary Accept-Encoding Redirect headers cache-control max-age=0 content-length 256 content-type text/html; charset=iso-8859-1 date Fri, 21 Oct 2022 16:30:40 GMT expires Fri, 21 Oct 2022 16:30:40 GMT location https://lenorepresentacoes.com.br/sharing/SHARE/ server Apache
GET H2	200	upos.png lenorepresentacoes.com.br/sharing/SHARE/assets/img/	371 KB 374 KB	180ms 178ms	Image image/png	162.241.62.116 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://lenorepresentacoes.com.br/sharing/SHARE/assets/img/upos.png Requested by Host: lenorepresentacoes.com.br URL: https://lenorepresentacoes.com.br/sharing/SHARE/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.62.116 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-62-116.unifiedlayer.com Software Apache / Resource Hash `46459d47077a3bb651b6c6789eefeae6b200c5f135bcc4f56c26c00738f6fd78` Request headers accept-language de-DE,de;q=0.9 Referer https://lenorepresentacoes.com.br/sharing/SHARE/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 21 Oct 2022 16:30:42 GMT last-modified Sat, 02 Jan 2021 01:28:32 GMT server Apache vary Accept-Encoding content-type image/png cache-control max-age=10368000, public accept-ranges bytes content-length 379754 expires Sat, 18 Feb 2023 16:30:42 GMT
GET H2	200	ova.png lenorepresentacoes.com.br/sharing/SHARE/assets/img/	16 KB 16 KB	517ms 515ms	Image image/png	162.241.62.116 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://lenorepresentacoes.com.br/sharing/SHARE/assets/img/ova.png Requested by Host: lenorepresentacoes.com.br URL: https://lenorepresentacoes.com.br/sharing/SHARE/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.62.116 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-62-116.unifiedlayer.com Software Apache / Resource Hash `d4594c50bcdb75cc4a51c77c77a089c1bc9d1860f4e50b7ac33039551c82b408` Request headers accept-language de-DE,de;q=0.9 Referer https://lenorepresentacoes.com.br/sharing/SHARE/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 21 Oct 2022 16:30:42 GMT last-modified Sat, 02 Jan 2021 01:09:06 GMT server Apache vary Accept-Encoding content-type image/png cache-control max-age=10368000, public accept-ranges bytes content-length 16538 expires Sat, 18 Feb 2023 16:30:42 GMT
GET H2	200	welocument.svg lenorepresentacoes.com.br/sharing/SHARE/assets/img/	4 KB 1 KB	677ms 677ms	Image image/svg+xml	162.241.62.116 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://lenorepresentacoes.com.br/sharing/SHARE/assets/img/welocument.svg Requested by Host: lenorepresentacoes.com.br URL: https://lenorepresentacoes.com.br/sharing/SHARE/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.62.116 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-62-116.unifiedlayer.com Software Apache / Resource Hash `61dd2216bbb5d02b9f96811864a82dc040abb75ff26c3ee17b8c3ac1d80e4cb3` Request headers accept-language de-DE,de;q=0.9 Referer https://lenorepresentacoes.com.br/sharing/SHARE/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 21 Oct 2022 16:30:42 GMT content-encoding gzip last-modified Thu, 10 Sep 2020 21:04:20 GMT server Apache vary Accept-Encoding content-type image/svg+xml cache-control max-age=10368000, public accept-ranges bytes content-length 1321 expires Sat, 18 Feb 2023 16:30:42 GMT
GET H2	200	offa.png lenorepresentacoes.com.br/sharing/SHARE/assets/img/	15 KB 15 KB	674ms 673ms	Image image/png	162.241.62.116 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://lenorepresentacoes.com.br/sharing/SHARE/assets/img/offa.png Requested by Host: lenorepresentacoes.com.br URL: https://lenorepresentacoes.com.br/sharing/SHARE/=&select= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.62.116 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-62-116.unifiedlayer.com Software Apache / Resource Hash `691c83e627767460134c73a2c5318ca4a060e8fbc3444b4f07aef717dcf9b7e7` Request headers accept-language de-DE,de;q=0.9 Referer https://lenorepresentacoes.com.br/sharing/SHARE/=&select= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 21 Oct 2022 16:30:42 GMT last-modified Tue, 08 Sep 2020 04:17:44 GMT server Apache vary Accept-Encoding content-type image/png cache-control max-age=10368000, public accept-ranges bytes content-length 15668 expires Sat, 18 Feb 2023 16:30:42 GMT
GET H2	200	goo.svg lenorepresentacoes.com.br/sharing/SHARE/assets/img/	1 KB 762 B	673ms 673ms	Image image/svg+xml	162.241.62.116 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://lenorepresentacoes.com.br/sharing/SHARE/assets/img/goo.svg Requested by Host: lenorepresentacoes.com.br URL: https://lenorepresentacoes.com.br/sharing/SHARE/=&select= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.62.116 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-62-116.unifiedlayer.com Software Apache / Resource Hash `7def9565038652f45cda6e2f7e599563060226c4d9188bbe4a56f0a71fb1f1c2` Request headers accept-language de-DE,de;q=0.9 Referer https://lenorepresentacoes.com.br/sharing/SHARE/=&select= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 21 Oct 2022 16:30:42 GMT content-encoding gzip last-modified Tue, 08 Sep 2020 03:55:20 GMT server Apache vary Accept-Encoding content-type image/svg+xml cache-control max-age=10368000, public accept-ranges bytes content-length 705 expires Sat, 18 Feb 2023 16:30:42 GMT
GET H2	200	xck.svg lenorepresentacoes.com.br/sharing/SHARE/assets/img/	7 KB 3 KB	673ms 673ms	Image image/svg+xml	162.241.62.116 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://lenorepresentacoes.com.br/sharing/SHARE/assets/img/xck.svg Requested by Host: lenorepresentacoes.com.br URL: https://lenorepresentacoes.com.br/sharing/SHARE/=&select= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.62.116 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-62-116.unifiedlayer.com Software Apache / Resource Hash `0c9b5c582762bad1754a6a2a1568e6fa024fde65ca0f69783527ba9c18061260` Request headers accept-language de-DE,de;q=0.9 Referer https://lenorepresentacoes.com.br/sharing/SHARE/=&select= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 21 Oct 2022 16:30:42 GMT content-encoding gzip last-modified Wed, 09 Sep 2020 23:57:34 GMT server Apache vary Accept-Encoding content-type image/svg+xml cache-control max-age=10368000, public accept-ranges bytes content-length 3022 expires Sat, 18 Feb 2023 16:30:42 GMT
GET H2	206	ono.mp4 lenorepresentacoes.com.br/sharing/SHARE/assets/img/	2 MB 2 MB	662ms 661ms	Media video/mp4	162.241.62.116 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://lenorepresentacoes.com.br/sharing/SHARE/assets/img/ono.mp4 Requested by Host: lenorepresentacoes.com.br URL: https://lenorepresentacoes.com.br/sharing/SHARE/=&select= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.62.116 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-62-116.unifiedlayer.com Software Apache / Resource Hash `7c5db3b485ea59e82668a069b198b2ace17e93e647a3c1193460962642e9da71` Request headers Referer https://lenorepresentacoes.com.br/sharing/SHARE/=&select= Accept-Encoding identity;q=1, ;q=0 accept-language* de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Range bytes=0- Response headers date Fri, 21 Oct 2022 16:30:42 GMT last-modified Sat, 02 Jan 2021 00:53:16 GMT server Apache vary Accept-Encoding content-type video/mp4 Content-Range bytes 0-2170632/2170633 cache-control max-age=10368000, public accept-ranges bytes Content-Length 2170633 expires Sat, 18 Feb 2023 16:30:42 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			lenorepresentacoes.com.br/	1970-01-20 07:36:01	Name: session_token Value: tok

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ivomarket.ro
lenorepresentacoes.com.br
162.241.62.116
93.113.174.50
0c9b5c582762bad1754a6a2a1568e6fa024fde65ca0f69783527ba9c18061260
30ce2d49242c34d51206d91e58a406fc047a6e65530cd5903df16b0b81b590e7
46459d47077a3bb651b6c6789eefeae6b200c5f135bcc4f56c26c00738f6fd78
61dd2216bbb5d02b9f96811864a82dc040abb75ff26c3ee17b8c3ac1d80e4cb3
691c83e627767460134c73a2c5318ca4a060e8fbc3444b4f07aef717dcf9b7e7
7c5db3b485ea59e82668a069b198b2ace17e93e647a3c1193460962642e9da71
7def9565038652f45cda6e2f7e599563060226c4d9188bbe4a56f0a71fb1f1c2
d4594c50bcdb75cc4a51c77c77a089c1bc9d1860f4e50b7ac33039551c82b408
de52eae6894394e3e27dba00da59da18063c7dc40ab7ca14dcc91e831d6f7317

lenorepresentacoes.com.br Open in urlscan Pro 162.241.62.116 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

2542 kBTransfer

2555 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

Indicators

lenorepresentacoes.com.br Open in urlscan Pro
162.241.62.116 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

2542 kB
Transfer

2555 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!