mwhtelecom.com.br
Open in
urlscan Pro
162.241.95.71
Malicious Activity!
Public Scan
Submitted URL: https://www.gi-reproductiva.com/ads/b5/peace.php
Effective URL: https://mwhtelecom.com.br/ads.microsoft/Login.html
Submission: On March 28 via manual from FR — Scanned from FR
Effective URL: https://mwhtelecom.com.br/ads.microsoft/Login.html
Submission: On March 28 via manual from FR — Scanned from FR
Summary
This website contacted 7 IPs
in 3 countries
across 7 domains to perform 18 HTTP transactions.
The main IP is 162.241.95.71, located in
United States and
belongs to UNIFIEDLAYER-AS-1, US.
The main domain is mwhtelecom.com.br.
TLS certificate: Issued by R3 on February 6th 2022. Valid for: 3 months.
This is the only time mwhtelecom.com.br was scanned on urlscan.io!
TLS certificate: Issued by R3 on February 6th 2022. Valid for: 3 months.
This is the only time mwhtelecom.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 162.241.61.49 162.241.61.49 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
| 1 12 | 162.241.95.71 162.241.95.71 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
| 2 | 2a00:1450:400... 2a00:1450:4001:809::200a | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:3b | 20446 (STACKPATH...) (STACKPATH-CDN) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:829::200a | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2606:4700::68... 2606:4700::6810:5614 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2606:4700::68... 2606:4700::6810:135e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:812::2003 | 15169 (GOOGLE) (GOOGLE) | |
| 18 | 7 |
1
162.241.61.49
(United States)
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-61-49.unifiedlayer.com
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-61-49.unifiedlayer.com
| www.gi-reproductiva.com |
12
162.241.95.71
(United States)
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: vps-3954526.elicast.com.br
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: vps-3954526.elicast.com.br
| mwhtelecom.com.br |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
mwhtelecom.com.br
1 redirects
mwhtelecom.com.br |
340 KB |
| 3 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 107 ajax.googleapis.com — Cisco Umbrella Rank: 409 |
32 KB |
| 1 |
gstatic.com
fonts.gstatic.com |
13 KB |
| 1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 333 |
11 KB |
| 1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 521 |
15 KB |
| 1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 882 |
30 KB |
| 1 |
gi-reproductiva.com
1 redirects
www.gi-reproductiva.com |
119 B |
| 18 | 7 |
| Domain | Requested by | |
|---|---|---|
| 12 | mwhtelecom.com.br |
1 redirects
mwhtelecom.com.br
|
| 2 | fonts.googleapis.com |
mwhtelecom.com.br
|
| 1 | fonts.gstatic.com |
fonts.googleapis.com
|
| 1 | cdnjs.cloudflare.com |
mwhtelecom.com.br
|
| 1 | cdn.jsdelivr.net |
mwhtelecom.com.br
|
| 1 | ajax.googleapis.com |
mwhtelecom.com.br
|
| 1 | code.jquery.com |
mwhtelecom.com.br
|
| 1 | www.gi-reproductiva.com | 1 redirects |
| 18 | 8 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| mwhtelecom.com.br R3 |
2022-02-06 - 2022-05-07 |
3 months | crt.sh |
| upload.video.google.com GTS CA 1C3 |
2022-03-17 - 2022-06-09 |
3 months | crt.sh |
| *.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-07-03 - 2022-07-02 |
a year | crt.sh |
| *.gstatic.com GTS CA 1C3 |
2022-03-17 - 2022-06-09 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://mwhtelecom.com.br/ads.microsoft/Login.html
Frame ID: AE83D8D64EB4982814D4935E10DA9F4F
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
Sign in to Microsoft AdvertisingPage URL History Show full URLs
-
https://www.gi-reproductiva.com/ads/b5/peace.php
HTTP 302
https://mwhtelecom.com.br/ads.microsoft HTTP 301
https://mwhtelecom.com.br/ads.microsoft/ Page URL
- https://mwhtelecom.com.br/ads.microsoft/Login.html Page URL
Detected technologies
Materialize CSS
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href="[^"]*materialize(?:\.min)?\.css
- materialize(?:\.min)?\.js
Google Font API
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
SweetAlert
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- sweet(?:-)?alert(?:\.min)?\.js
SweetAlert2
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- sweetalert2(?:\.all)?(?:\.min)?\.js
- /npm/sweetalert2@([\d.]+)
- sweetalert2@([\d.]+)/dist/sweetalert2(?:\.all)(?:\.min)\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.gi-reproductiva.com/ads/b5/peace.php
HTTP 302
https://mwhtelecom.com.br/ads.microsoft HTTP 301
https://mwhtelecom.com.br/ads.microsoft/ Page URL
- https://mwhtelecom.com.br/ads.microsoft/Login.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://www.gi-reproductiva.com/ads/b5/peace.php HTTP 302
- https://mwhtelecom.com.br/ads.microsoft HTTP 301
- https://mwhtelecom.com.br/ads.microsoft/
18 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
mwhtelecom.com.br/ads.microsoft/ Redirect Chain
|
234 B 475 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
Login.html
mwhtelecom.com.br/ads.microsoft/ |
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
icon
fonts.googleapis.com/ |
569 B 868 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
2 KB 634 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
normalize.css
mwhtelecom.com.br/ads.microsoft/css/ |
6 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
materialize.min.css
mwhtelecom.com.br/ads.microsoft/css/ |
139 KB 139 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
loginStyle.css
mwhtelecom.com.br/ads.microsoft/css/ |
3 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
spinner.css
mwhtelecom.com.br/ads.microsoft/asset/css/ |
791 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo.svg
mwhtelecom.com.br/ads.microsoft/images/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
materialize.min.js
mwhtelecom.com.br/ads.microsoft/js/ |
177 KB 177 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-3.3.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
routie.min.js
mwhtelecom.com.br/ads.microsoft/js/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
loginScript.js
mwhtelecom.com.br/ads.microsoft/js/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sweetalert2.all.min.js
cdn.jsdelivr.net/npm/sweetalert2@7.26.11/dist/ |
60 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sweetalert.min.js
cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/ |
40 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
log.js
mwhtelecom.com.br/ads.microsoft/common/ |
796 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ |
13 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored function| _get function| _createClass function| _possibleConstructorReturn function| _inherits function| _classCallCheck function| Component function| docHandleKeydown function| docHandleKeyup function| docHandleFocus function| docHandleBlur function| getTime object| $jscomp object| $jscomp$this function| cash object| M object| Waves function| $ function| jQuery function| Routie function| routie object| allPasswordInp function| showProgress function| showPassword function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal function| setImmediate function| clearImmediate function| login0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
mwhtelecom.com.br
www.gi-reproductiva.com
162.241.61.49
162.241.95.71
2001:4de0:ac18::1:a:3b
2606:4700::6810:135e
2606:4700::6810:5614
2a00:1450:4001:809::200a
2a00:1450:4001:812::2003
2a00:1450:4001:829::200a
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
09d3ba9b4d045ef3368f3c4961386263bc21804843ebb7a265df2fad3fe1a3cd
1412238fa46249b435bf58eb482f9d52d8641e9e2dd295fcd12f0e33027da0f9
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1d6e9ebb8cc5de69d5c3fa1fae2230bd27c5918e143abe73137eb1fb5f6b8873
2ac46ebee46d515be86deeba385b4e41f8cff160364b362c9a6e153df327c66b
50b7a8230adeaad3db9cfc1804fbdc6ad39d00e5dcf6b7a86e557ecfe8418628
580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512
6965c967fe2474e34f024a08618c84e9f995c3482a3c46e793b9eca4b00d82e2
703c53c713ce079e7704d6e89602d50b242e388a9ee4d97201e0a0a839b6b739
7e5e148a6482560efb2b4727dc197aec735495698a07578b5801814f869f72a9
a8ceaf504c789da0c9eb8581bad09f4f1a552aa69c3515be36a1ed60ee4af11d
bca0a00e822dd0dfc54c4aad464ed4c0346c8ba3e2ec4b011804fa49e1314058
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c2f183ec8568620570f8ed27339334d8e7bd1f73a02bb20fcb28bf5cd01cee9c
e0c254788ad36f95d44c1786c590263e89ea3976fcbc9ae7c82c52493b254391
f5a59995b708bcd4a76f805669462514d1b294d7935942ffc9f7d6ff70db93fa
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d