alfazemadecor.com.br Open in urlscan Pro
200.98.245.80 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://newhampshirehypnosis.com/wp/wp-content/themes/thehypnosisgroup/new.php
Effective URL:
http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Submission: On April 26 via api (April 26th 2018, 10:05:04 pm UTC) from CA

Summary HTTP 11 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 11 HTTP transactions. The main IP is 200.98.245.80, located in Brazil and belongs to Universo Online S.A., BR. The main domain is alfazemadecor.com.br.

This is the only time alfazemadecor.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 1	69.36.191.199 69.36.191.199	29854 (WESTHOST) (WESTHOST - WestHost)
6	200.98.245.80 200.98.245.80	7162 (Universo ...) (Universo Online S.A.)
5	62.157.140.200 62.157.140.200	3320 (DTAG Inte...) (DTAG Internet service provider operations)
11	2

1 69.36.191.199 (Providence, United States) 1 redirects

ASN29854 (WESTHOST - WestHost, Inc., US)
PTR: 69.36.191.199.static.westdc.net

newhampshirehypnosis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 200.98.245.80 (Brazil)

ASN7162 (Universo Online S.A., BR)
PTR: cphost0076.servidorwebfacil.com

alfazemadecor.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 62.157.140.200 (Germany)

ASN3320 (DTAG Internet service provider operations, DE)
PTR: accounts.login.idm.telekom.com

accounts.login.idm.telekom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	alfazemadecor.com.br alfazemadecor.com.br	270 KB
5	telekom.com accounts.login.idm.telekom.com	177 KB
1	newhampshirehypnosis.com 1 redirects newhampshirehypnosis.com	301 B
11	3

	Domain	Requested by
6	alfazemadecor.com.br	alfazemadecor.com.br
5	accounts.login.idm.telekom.com	alfazemadecor.com.br
1	newhampshirehypnosis.com	1 redirects
11	3

This site contains links to these domains. Also see Links.

Domain
meinkonto.telekom-dienste.de
www.telekom.de
www.telekom.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Frame ID: 135B7F89BBDAAE9E6495556B12A44A16
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://newhampshirehypnosis.com/wp/wp-content/themes/thehypnosisgroup/new.php HTTP 301
http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

448 kB
Transfer

444 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://meinkonto.telekom-dienste.de/wiederherstellung/passwort/index.xhtml
Title: Passwort vergessen?

Search URL Search Domain Scan URL

URL: http://www.telekom.de/kc/login/registrieren
Title: Jetzt registrieren

Search URL Search Domain Scan URL

URL: https://www.telekom.com/impressum
Title: Impressum

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://newhampshirehypnosis.com/wp/wp-content/themes/thehypnosisgroup/new.php HTTP 301
http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request auth12a1.html Show response
alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/
Redirect Chain

http://newhampshirehypnosis.com/wp/wp-content/themes/thehypnosisgroup/new.php
http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html

8 KB
9 KB

709ms
233ms

Document
text/html

200.98.245.80
Universo Online S.A.

General

Check archive.org

Show headers Download Go to

Full URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Protocol: HTTP/1.1
Server: 200.98.245.80 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS: cphost0076.servidorwebfacil.com
Software: Apache /
Resource Hash: f4bdd94ae4110f76fc743176491fc08ad118e75d6390da9f2d3f12854cbedcd6

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: alfazemadecor.com.br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 26 Apr 2018 22:04:53 GMT
Last-Modified: Fri, 31 Mar 2017 09:57:46 GMT
Server: Apache
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 8488

Redirect headers

Location: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Date: Thu, 26 Apr 2018 22:04:52 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK components.min.css
alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/vdplus/css/ 88 KB
88 KB 233ms
232ms Stylesheet
text/css 200.98.245.80
Universo Online S.A.

General

Check archive.org

Show headers Download Go to

Full URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/vdplus/css/components.min.css
Requested by: Host: alfazemadecor.com.br
URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Protocol: HTTP/1.1
Server: 200.98.245.80 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS: cphost0076.servidorwebfacil.com
Software: Apache /
Resource Hash: 435a94fe41e7c575f3981c98b9d44b45853b0aba3a7e97e6ceb4ae26711d0657

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: alfazemadecor.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Connection: keep-alive
Cache-Control: no-cache
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 26 Apr 2018 22:04:53 GMT
Last-Modified: Wed, 18 Nov 2015 15:49:40 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 89759

GET
H/1.1 200
OK login.css
alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/factorx/vdplus/css/ 6 KB
6 KB 237ms
237ms Stylesheet
text/css 200.98.245.80
Universo Online S.A.

General

Check archive.org

Show headers Download Go to

Full URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/factorx/vdplus/css/login.css
Requested by: Host: alfazemadecor.com.br
URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Protocol: HTTP/1.1
Server: 200.98.245.80 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS: cphost0076.servidorwebfacil.com
Software: Apache /
Resource Hash: ddb8c6fcd97c6216f6293cea9de34f9730ffca03374de6dec4f89b6802cb0928

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: alfazemadecor.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Connection: keep-alive
Cache-Control: no-cache
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 26 Apr 2018 22:04:53 GMT
Last-Modified: Wed, 14 Dec 2016 11:30:00 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 6290

GET
H/1.1 200
OK jquery-1.11.3.min.js Show response
alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/vdplus/js/ 94 KB
94 KB 471ms
237ms Script
application/javascript 200.98.245.80
Universo Online S.A.

General

Check archive.org

Show headers Download Go to

Full URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/vdplus/js/jquery-1.11.3.min.js
Requested by: Host: alfazemadecor.com.br
URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Protocol: HTTP/1.1
Server: 200.98.245.80 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS: cphost0076.servidorwebfacil.com
Software: Apache /
Resource Hash: ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: alfazemadecor.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: */*
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Connection: keep-alive
Cache-Control: no-cache
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 26 Apr 2018 22:04:54 GMT
Last-Modified: Wed, 28 Oct 2015 12:37:38 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 95957

GET
H/1.1 200
OK components.min.js Show response
alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/vdplus/js/ 66 KB
67 KB 473ms
238ms Script
application/javascript 200.98.245.80
Universo Online S.A.

General

Check archive.org

Show headers Download Go to

Full URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/vdplus/js/components.min.js
Requested by: Host: alfazemadecor.com.br
URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Protocol: HTTP/1.1
Server: 200.98.245.80 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS: cphost0076.servidorwebfacil.com
Software: Apache /
Resource Hash: e5a1bef74748388cadf99777549feff118627b888816a6f57fc0fb36e3cad57f

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: alfazemadecor.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: */*
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Connection: keep-alive
Cache-Control: no-cache
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 26 Apr 2018 22:04:54 GMT
Last-Modified: Wed, 28 Oct 2015 12:54:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 67839

GET
H/1.1 200
OK login.js Show response
alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/factorx/vdplus/js/ 7 KB
7 KB 474ms
236ms Script
application/javascript 200.98.245.80
Universo Online S.A.

General

Check archive.org

Show headers Download Go to

Full URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/factorx/vdplus/js/login.js
Requested by: Host: alfazemadecor.com.br
URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Protocol: HTTP/1.1
Server: 200.98.245.80 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS: cphost0076.servidorwebfacil.com
Software: Apache /
Resource Hash: d3f14d30fdf827b2b3fbbd044f6d6b9bf26751a457f2a68ef89308fdc2ac5b7b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: alfazemadecor.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: */*
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
Connection: keep-alive
Cache-Control: no-cache
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 26 Apr 2018 22:04:54 GMT
Last-Modified: Wed, 14 Dec 2016 11:30:00 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 6892

GET
H/1.1 200
OK telegroteskscreen-regular.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ 54 KB
54 KB 44ms
11ms Font
application/x-font-woff 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/vdplus/fonts/telegroteskscreen-regular.woff

Requested by

Host: alfazemadecor.com.br
URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html

Protocol

HTTP/1.1

Server

62.157.140.200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

21d4dc49ec496581969051f9f542afee01f9029e7db6112bff99e7be2942de53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/vdplus/css/components.min.css
Origin: http://alfazemadecor.com.br

Response headers

Date: Thu, 26 Apr 2018 22:04:54 GMT
SH: 48a2a2f8015144cc8362d02caadc02cf
Last-Modified: Fri, 09 Feb 2018 10:23:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin: http://alfazemadecor.com.br
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/x-font-woff
Keep-Alive: timeout=2, max=1000
Content-Length: 55044
Expires: Thu, 03 May 2018 22:04:54 GMT

GET
H/1.1 200
OK telekomicon-outline.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ 9 KB
9 KB 42ms
10ms Font
application/x-font-woff 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/vdplus/fonts/telekomicon-outline.woff

Requested by

Host: alfazemadecor.com.br
URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html

Protocol

HTTP/1.1

Server

62.157.140.200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

e185aceb03040c947c211bc9e972ce427f11c5801338fd8f943e3b53e229eb3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/vdplus/css/components.min.css
Origin: http://alfazemadecor.com.br

Response headers

Date: Thu, 26 Apr 2018 22:04:54 GMT
SH: a5b6a809f8ccc6e37f4f15b5c801eaf3
Last-Modified: Wed, 14 Feb 2018 13:16:55 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin: http://alfazemadecor.com.br
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/x-font-woff
Keep-Alive: timeout=2, max=1000
Content-Length: 8756
Expires: Thu, 03 May 2018 22:04:54 GMT

GET
H/1.1 200
OK telegroteskscreen-bold.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ 53 KB
53 KB 42ms
10ms Font
application/x-font-woff 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/vdplus/fonts/telegroteskscreen-bold.woff

Requested by

Host: alfazemadecor.com.br
URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html

Protocol

HTTP/1.1

Server

62.157.140.200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

e1b1f6b64573c86c3b9f5f023ab7e791a074dbccb87d61e886cb6fa659ba9485

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/vdplus/css/components.min.css
Origin: http://alfazemadecor.com.br

Response headers

Date: Thu, 26 Apr 2018 22:04:54 GMT
SH: 111d007b5fbc0de380d01f5690ba5809
Last-Modified: Wed, 14 Feb 2018 10:15:20 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin: http://alfazemadecor.com.br
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/x-font-woff
Keep-Alive: timeout=2, max=1000
Content-Length: 53864
Expires: Thu, 03 May 2018 22:04:54 GMT

GET
H/1.1 200
OK telegroteskscreen-thin.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ 57 KB
58 KB 42ms
11ms Font
application/x-font-woff 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/vdplus/fonts/telegroteskscreen-thin.woff

Requested by

Host: alfazemadecor.com.br
URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/co.intex/auth12a1.html

Protocol

HTTP/1.1

Server

62.157.140.200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

43493c8fdfe7935a395920ef619a4dc56c440479ce190ad2ac1df8e23acc5595

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/vdplus/css/components.min.css
Origin: http://alfazemadecor.com.br

Response headers

Date: Thu, 26 Apr 2018 22:04:54 GMT
SH: 3b2430a5c08cf74596adff30f0ade392
Last-Modified: Thu, 15 Feb 2018 14:15:56 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin: http://alfazemadecor.com.br
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/x-font-woff
Keep-Alive: timeout=2, max=1000
Content-Length: 58656
Expires: Thu, 03 May 2018 22:04:54 GMT

GET
H/1.1 200
OK telekomicon-ui.woff
accounts.login.idm.telekom.com/static/vdplus/fonts/ 3 KB
3 KB 11ms
10ms Font
application/x-font-woff 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/vdplus/fonts/telekomicon-ui.woff

Requested by

Host: alfazemadecor.com.br
URL: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/vdplus/js/jquery-1.11.3.min.js

Protocol

HTTP/1.1

Server

62.157.140.200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

345466d497966801ab4b5390c09e49d03f2ede8539bd35a56e25ed15bb2dc80e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: http://alfazemadecor.com.br/wp-admin/css/telekom/saxrix/static/vdplus/css/components.min.css
Origin: http://alfazemadecor.com.br

Response headers

Date: Thu, 26 Apr 2018 22:04:54 GMT
SH: 3b2430a5c08cf74596adff30f0ade392
Last-Modified: Thu, 15 Feb 2018 14:15:56 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Access-Control-Allow-Origin: http://alfazemadecor.com.br
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/x-font-woff
Keep-Alive: timeout=2, max=999
Content-Length: 2676
Expires: Thu, 03 May 2018 22:04:54 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.login.idm.telekom.com
alfazemadecor.com.br
newhampshirehypnosis.com
200.98.245.80
62.157.140.200
69.36.191.199
21d4dc49ec496581969051f9f542afee01f9029e7db6112bff99e7be2942de53
345466d497966801ab4b5390c09e49d03f2ede8539bd35a56e25ed15bb2dc80e
43493c8fdfe7935a395920ef619a4dc56c440479ce190ad2ac1df8e23acc5595
435a94fe41e7c575f3981c98b9d44b45853b0aba3a7e97e6ceb4ae26711d0657
d3f14d30fdf827b2b3fbbd044f6d6b9bf26751a457f2a68ef89308fdc2ac5b7b
ddb8c6fcd97c6216f6293cea9de34f9730ffca03374de6dec4f89b6802cb0928
e185aceb03040c947c211bc9e972ce427f11c5801338fd8f943e3b53e229eb3e
e1b1f6b64573c86c3b9f5f023ab7e791a074dbccb87d61e886cb6fa659ba9485
e5a1bef74748388cadf99777549feff118627b888816a6f57fc0fb36e3cad57f
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
f4bdd94ae4110f76fc743176491fc08ad118e75d6390da9f2d3f12854cbedcd6

alfazemadecor.com.br Open in urlscan Pro 200.98.245.80 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

448 kBTransfer

444 kBSize

0 Cookies

3 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

alfazemadecor.com.br Open in urlscan Pro
200.98.245.80 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

448 kB
Transfer

444 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!