vivabolsaalt.xyz Open in urlscan Pro
191.101.131.77 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3
Submission: On May 24 via manual (May 24th 2024, 12:12:31 am UTC) from BR — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 18 HTTP transactions. The main IP is 191.101.131.77, located in Muriaé, Brazil and belongs to Tyna Host - Datacenter no Brasil, BR. The main domain is vivabolsaalt.xyz.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on May 23rd 2024. Valid for: 3 months.

This is the only time vivabolsaalt.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Caixa (Government)

Domain & IP information

	IP Address	AS Autonomous System
11	191.101.131.77 191.101.131.77	270353 (Tyna Host) (Tyna Host - Datacenter no Brasil)
1	2606:4700:440... 2606:4700:4400::ac40:93bc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	172.67.139.119 172.67.139.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	4

11 191.101.131.77 (Muriaé, Brazil)

ASN270353 (Tyna Host - Datacenter no Brasil, BR)
PTR: 191-101-131-77.as270353.com.br

vivabolsaalt.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:93bc (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.67.139.119 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	vivabolsaalt.xyz vivabolsaalt.xyz	467 KB
6	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1866 ka-f.fontawesome.com — Cisco Umbrella Rank: 4530	188 KB
0	caixa.gov.br Failed login2.caixa.gov.br Failed
18	3

	Domain	Requested by
11	vivabolsaalt.xyz	vivabolsaalt.xyz
5	ka-f.fontawesome.com	kit.fontawesome.com
1	kit.fontawesome.com	vivabolsaalt.xyz
0	login2.caixa.gov.br Failed
18	4

This site contains no links.

Subject Issuer	Validity	Valid
vivabolsaalt.xyz ZeroSSL RSA Domain Secure Site CA	`2024-05-23` - `2024-08-21`	3 months	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-04` - `2025-01-03`	a year	crt.sh
ka-f.fontawesome.com GTS CA 1P5	`2024-05-03` - `2024-08-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3
Frame ID: D58CEE78D7880C814F0DDFA96E45C6B4
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Entrar em Login Caixa

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

94 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

655 kB
Transfer

759 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response vivabolsaalt.xyz/regular/sinbc/login/	6 KB 6 KB	1134ms 665ms	Document text/html	191.101.131.77 Datacenter no Brasil
General Check archive.org Show headers Download Go to Full URL https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 191.101.131.77 Muriaé, Brazil, ASN270353 (Tyna Host - Datacenter no Brasil, BR), Reverse DNS 191-101-131-77.as270353.com.br Software Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 / PHP/8.0.30 Resource Hash `7f261857e56c0bc826d1be0085cba7cf1026929143e30a54960ef44366eac80c` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Connection Keep-Alive Content-Length 5773 Content-Type text/html; charset=UTF-8 Date Fri, 24 May 2024 00:12:25 GMT Keep-Alive timeout=5, max=100 Server Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 X-Powered-By PHP/8.0.30
GET H/1.1	200 OK	main.css vivabolsaalt.xyz/regular/sinbc/src/css/	22 KB 22 KB	219ms 219ms	Stylesheet text/css	191.101.131.77 Datacenter no Brasil
General Check archive.org Show headers Download Go to Full URL https://vivabolsaalt.xyz/regular/sinbc/src/css/main.css Requested by Host: vivabolsaalt.xyz URL: https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 191.101.131.77 Muriaé, Brazil, ASN270353 (Tyna Host - Datacenter no Brasil, BR), Reverse DNS 191-101-131-77.as270353.com.br Software Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 / Resource Hash `c749ca2b9938f4a05b33e1a2542fcf674262684cb2b9aca7881ffa437e91520f` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Fri, 24 May 2024 00:12:26 GMT Last-Modified Tue, 23 Apr 2024 14:57:52 GMT Server Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 ETag "584f-616c4c73c4fb0" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 22607
GET H/1.1	200 OK	imask.min.js Show response vivabolsaalt.xyz/regular/sinbc/src/js/	81 KB 81 KB	617ms 204ms	Script text/javascript	191.101.131.77 Datacenter no Brasil
General Check archive.org Show headers Download Go to Full URL https://vivabolsaalt.xyz/regular/sinbc/src/js/imask.min.js Requested by Host: vivabolsaalt.xyz URL: https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 191.101.131.77 Muriaé, Brazil, ASN270353 (Tyna Host - Datacenter no Brasil, BR), Reverse DNS 191-101-131-77.as270353.com.br Software Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 / Resource Hash `ac0087389428486b18220845da171874e351cc32a35ebd51e05f803872385184` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Fri, 24 May 2024 00:12:26 GMT Last-Modified Tue, 26 Mar 2024 11:50:36 GMT Server Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 ETag "14272-6148ee5f1bb00" Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 82546
GET H/1.1	200 OK	jquery.js Show response vivabolsaalt.xyz/regular/sinbc/src/js/	161 KB 161 KB	618ms 204ms	Script text/javascript	191.101.131.77 Datacenter no Brasil
General Check archive.org Show headers Download Go to Full URL https://vivabolsaalt.xyz/regular/sinbc/src/js/jquery.js Requested by Host: vivabolsaalt.xyz URL: https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 191.101.131.77 Muriaé, Brazil, ASN270353 (Tyna Host - Datacenter no Brasil, BR), Reverse DNS 191-101-131-77.as270353.com.br Software Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 / Resource Hash `410729346ef59cbe59181b16bff06b2814d4dd9d4050a1b186c099e53f999bce` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Fri, 24 May 2024 00:12:26 GMT Last-Modified Tue, 26 Mar 2024 11:50:36 GMT Server Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 ETag "2822f-6148ee5f1bb00" Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 164399
GET H2	200	349cd453ad.js Show response kit.fontawesome.com/	12 KB 5 KB	486ms 462ms	Script text/javascript	2606:4700:4400::ac40:93bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kit.fontawesome.com/349cd453ad.js Requested by Host: vivabolsaalt.xyz URL: https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9ec667383b1953d0476cb9a260aa9db3a3042a2143665f71c7c5f04be9eb2179` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/ Origin https://vivabolsaalt.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 00:12:26 GMT content-encoding gzip cf-cache-status REVALIDATED server cloudflare vary origin, accept-encoding, access-control-request-headers, access-control-request-method access-control-max-age 3000 access-control-allow-methods GET, OPTIONS access-control-allow-origin * content-type text/javascript cache-control max-age=60, public, stale-while-revalidate=30 cf-ray 888912f71c02975e-FRA access-control-allow-headers accept, accept-langauge, content-language, content-type, fa-kit-token x-request-id F9JCz3hMll80dh7Ys-YB
GET H/1.1	200 OK	load.gif vivabolsaalt.xyz/regular/sinbc/src/imgs/	74 KB 74 KB	626ms 203ms	Image image/gif	191.101.131.77 Datacenter no Brasil
General Check archive.org Show headers Download Go to Show image Full URL https://vivabolsaalt.xyz/regular/sinbc/src/imgs/load.gif Requested by Host: vivabolsaalt.xyz URL: https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 191.101.131.77 Muriaé, Brazil, ASN270353 (Tyna Host - Datacenter no Brasil, BR), Reverse DNS 191-101-131-77.as270353.com.br Software Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 / Resource Hash `999d0a19558081a4cde09a125b0bf2dab68fca2ecab40433fe441380150b5942` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Fri, 24 May 2024 00:12:26 GMT Last-Modified Tue, 26 Mar 2024 11:50:36 GMT Server Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 ETag "12671-6148ee5f1bb00" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 75377
GET H/1.1	200 OK	logo-load.png vivabolsaalt.xyz/regular/sinbc/src/imgs/	90 KB 90 KB	635ms 204ms	Image image/png	191.101.131.77 Datacenter no Brasil
General Check archive.org Show headers Download Go to Show image Full URL https://vivabolsaalt.xyz/regular/sinbc/src/imgs/logo-load.png Requested by Host: vivabolsaalt.xyz URL: https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 191.101.131.77 Muriaé, Brazil, ASN270353 (Tyna Host - Datacenter no Brasil, BR), Reverse DNS 191-101-131-77.as270353.com.br Software Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 / Resource Hash `8f2b351d5e3a3b42e0467f8be9886948c60aa78ac465e2a5397ace232bcef0dc` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Fri, 24 May 2024 00:12:26 GMT Last-Modified Tue, 23 Apr 2024 03:48:30 GMT Server Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 ETag "1671b-616bb6d69ea8e" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 91931
GET H/1.1	200 OK	logo-caixa.png vivabolsaalt.xyz/regular/sinbc/src/imgs/	4 KB 4 KB	203ms 202ms	Image image/png	191.101.131.77 Datacenter no Brasil
General Check archive.org Show headers Download Go to Show image Full URL https://vivabolsaalt.xyz/regular/sinbc/src/imgs/logo-caixa.png Requested by Host: vivabolsaalt.xyz URL: https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 191.101.131.77 Muriaé, Brazil, ASN270353 (Tyna Host - Datacenter no Brasil, BR), Reverse DNS 191-101-131-77.as270353.com.br Software Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 / Resource Hash `a10b2226b24cb524fc090fc6b617601ddfa9c6bfc32b95c415b8057f0b32b340` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Fri, 24 May 2024 00:12:26 GMT Last-Modified Tue, 26 Mar 2024 11:50:36 GMT Server Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 ETag "1083-6148ee5f1bb00" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 4227
GET H/1.1	200 OK	interrogacao.svg vivabolsaalt.xyz/regular/sinbc/src/imgs/	1021 B 1 KB	202ms 202ms	Image image/svg+xml	191.101.131.77 Datacenter no Brasil
General Check archive.org Show headers Download Go to Show image Full URL https://vivabolsaalt.xyz/regular/sinbc/src/imgs/interrogacao.svg Requested by Host: vivabolsaalt.xyz URL: https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 191.101.131.77 Muriaé, Brazil, ASN270353 (Tyna Host - Datacenter no Brasil, BR), Reverse DNS 191-101-131-77.as270353.com.br Software Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 / Resource Hash `eb36e7473ecb490885c097151ae7b39578df4140aaf254db51b4082f83840dc1` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Fri, 24 May 2024 00:12:27 GMT Last-Modified Tue, 26 Mar 2024 11:50:36 GMT Server Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 ETag "3fd-6148ee5f1bb00" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 1021
GET H/1.1	200 OK	validate.js Show response vivabolsaalt.xyz/regular/sinbc/src/js/	735 B 1 KB	205ms 205ms	Script text/javascript	191.101.131.77 Datacenter no Brasil
General Check archive.org Show headers Download Go to Full URL https://vivabolsaalt.xyz/regular/sinbc/src/js/validate.js Requested by Host: vivabolsaalt.xyz URL: https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 191.101.131.77 Muriaé, Brazil, ASN270353 (Tyna Host - Datacenter no Brasil, BR), Reverse DNS 191-101-131-77.as270353.com.br Software Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 / Resource Hash `429ba48e0f88154f31400fa7c82a01147b45af81a54f4a8c2f76c432cacadd9b` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Fri, 24 May 2024 00:12:27 GMT Last-Modified Tue, 26 Mar 2024 11:50:36 GMT Server Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 ETag "2df-6148ee5f1bb00" Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 735
GET H/1.1	200 OK	action.js Show response vivabolsaalt.xyz/regular/sinbc/src/js/	13 KB 14 KB	203ms 203ms	Script text/javascript	191.101.131.77 Datacenter no Brasil
General Check archive.org Show headers Download Go to Full URL https://vivabolsaalt.xyz/regular/sinbc/src/js/action.js Requested by Host: vivabolsaalt.xyz URL: https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 191.101.131.77 Muriaé, Brazil, ASN270353 (Tyna Host - Datacenter no Brasil, BR), Reverse DNS 191-101-131-77.as270353.com.br Software Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 / Resource Hash `fe03ef0a5331ed3d691947d45db8fedecc17e26d8046176e814b1cbdaaa9734b` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/regular/sinbc/login/?auth=4b7462b3 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Fri, 24 May 2024 00:12:27 GMT Last-Modified Thu, 23 May 2024 22:56:47 GMT Server Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 ETag "34f8-61926f739cf78" Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 13560
GET H3	200	free.min.css Show response ka-f.fontawesome.com/releases/v6.5.2/css/	101 KB 23 KB	183ms 17ms	Fetch text/css	172.67.139.119 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ka-f.fontawesome.com/releases/v6.5.2/css/free.min.css?token=349cd453ad Requested by Host: kit.fontawesome.com URL: https://kit.fontawesome.com/349cd453ad.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3e9c73fa687cd4110688668977a7caa87f5a1dee0d11f03687bd4871deedf1c1` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 00:12:27 GMT content-encoding gzip via 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-cf-pop FRA56-C2 age 1680 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Tue, 02 Apr 2024 15:26:25 GMT server cloudflare etag W/"7f29cd8c97789aa298af8c61623ca28b" access-control-max-age 3000 access-control-allow-methods GET content-type text/css access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j9fn2cFAI22yZ55oGRuybYWFgXh%2BMw4aEw%2Bh0UNhfnBQ%2Fkr5DsUfFnnMXr6q371ibZx0Ub4VmSMWk16wxFWN9TAWwbNeAeMJEhwuP9ER4O6gSV7sw%2F8CRpzrPaPENb3%2FF%2F79uW%2FOGg%3D%3D"}],"group":"cf-nel","max_age":604800} cache-control max-age=31556926 vary Accept-Encoding cf-ray 888912ffad491968-FRA access-control-allow-headers fa-kit-token x-amz-cf-id h0LWPWMjW8B9CdETZtvE-Iu4B11BcLoNID11sthT8QQTXax_FzoYtQ==
GET H3	200	free-v4-shims.min.css Show response ka-f.fontawesome.com/releases/v6.5.2/css/	27 KB 5 KB	181ms 15ms	Fetch text/css	172.67.139.119 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ka-f.fontawesome.com/releases/v6.5.2/css/free-v4-shims.min.css?token=349cd453ad Requested by Host: kit.fontawesome.com URL: https://kit.fontawesome.com/349cd453ad.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f4e953827930889e844103c3a6771bd2e9de17d091b36378c40362271858e075` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 00:12:27 GMT content-encoding gzip via 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-cf-pop FRA56-C2 age 1680 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Tue, 02 Apr 2024 15:26:25 GMT server cloudflare etag W/"940b066040a876fa1dc7b2ee2d222a58" access-control-max-age 3000 access-control-allow-methods GET content-type text/css access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WmS%2FJ8JPrwhJIznUyRZaCElhdxO7rTzrl69mhDohf4MN761cpp1o%2F6t91pxswMdGyM6RU3r9J27ug4kmPHxPdYvXjgXtiGZK684Zx5pV%2Bp9Yv8rPGqi1OhKbc4Fm8IbUCnbmRQ6EQw%3D%3D"}],"group":"cf-nel","max_age":604800} cache-control max-age=31556926 vary Accept-Encoding cf-ray 888912ffad481968-FRA access-control-allow-headers fa-kit-token x-amz-cf-id JB6Ou2Pr9Oto6tQBSW4W09kL9inbR14WJzMcBiI7au5dQwwI7i6OKQ==
GET H3	200	free-v5-font-face.min.css Show response ka-f.fontawesome.com/releases/v6.5.2/css/	823 B 991 B	187ms 22ms	Fetch text/css	172.67.139.119 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ka-f.fontawesome.com/releases/v6.5.2/css/free-v5-font-face.min.css?token=349cd453ad Requested by Host: kit.fontawesome.com URL: https://kit.fontawesome.com/349cd453ad.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e1dc27b700a62c005e4521b670cac08fb0b4b3e02a73c1ac44e7f9a9784bd672` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 00:12:27 GMT via 1.1 13140684c599ca32163cf7ec1871cebc.cloudfront.net (CloudFront) content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-cf-pop FRA56-C2 age 1680 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Tue, 02 Apr 2024 15:26:25 GMT server cloudflare etag W/"a3d53e21a02e37af6cbc00ac63b3cc1e" access-control-max-age 3000 access-control-allow-methods GET content-type text/css access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pCcobdlIA4FAaptFnVf%2FtZ%2F2%2B4vzqwyqb63DA0DK22xnmuKdipXzD05v21PSO75Xeu8Npva%2FfNSGjHDHrWpy2Rz44%2FuZ77WLMH%2FIYWlyXtO%2FzbHyxGSkHvJNTHBoc6mGMhD7h%2FYeZg%3D%3D"}],"group":"cf-nel","max_age":604800} cache-control max-age=31556926 vary Accept-Encoding cf-ray 888912ffad461968-FRA access-control-allow-headers fa-kit-token x-amz-cf-id lggpGn9kdKXsdKSmVGy1hNyRcFXzSPPWW-tT27X0sw4c3jFGKYDGXA==
GET H3	200	free-v4-font-face.min.css Show response ka-f.fontawesome.com/releases/v6.5.2/css/	2 KB 1 KB	182ms 16ms	Fetch text/css	172.67.139.119 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ka-f.fontawesome.com/releases/v6.5.2/css/free-v4-font-face.min.css?token=349cd453ad Requested by Host: kit.fontawesome.com URL: https://kit.fontawesome.com/349cd453ad.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9699b18200a9d40ed7859411c33cfa2194174a4746d466123107f888d93dc878` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 00:12:27 GMT content-encoding gzip via 1.1 9928105291571d6cae52bcb916c898d8.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-cf-pop FRA56-C2 age 1680 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Tue, 02 Apr 2024 15:26:25 GMT server cloudflare etag W/"9c9f596493867f0e7ef5f9fe99103fce" access-control-max-age 3000 access-control-allow-methods GET content-type text/css access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8y%2Fcslu35V38az4K%2BzGPFvx6wdcSYCgi%2FxvZrs8ifJ3jCxOLS5%2B49HhIkme00F06iw5kFLitsgZ4l6wrYRiNz77QYjINloLkXfz5ySlmoqF%2BZmpaqhZn5n%2Ffayv27UQcZHtCzAMBZw%3D%3D"}],"group":"cf-nel","max_age":604800} cache-control max-age=31556926 vary Accept-Encoding cf-ray 888912ffad441968-FRA access-control-allow-headers fa-kit-token x-amz-cf-id bUCHzw-L6tVRBvV9z3gNdJz2EVmki_YCE_KdAzKyIt23gI4Bk8WkUQ==
GET H/1.1	200 OK	futuraBook.woff vivabolsaalt.xyz/regular/sinbc/src/font/	12 KB 13 KB	203ms 203ms	Font font/woff	191.101.131.77 Datacenter no Brasil
General Check archive.org Show headers Download Go to Full URL https://vivabolsaalt.xyz/regular/sinbc/src/font/futuraBook.woff Requested by Host: vivabolsaalt.xyz URL: https://vivabolsaalt.xyz/regular/sinbc/src/css/main.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 191.101.131.77 Muriaé, Brazil, ASN270353 (Tyna Host - Datacenter no Brasil, BR), Reverse DNS 191-101-131-77.as270353.com.br Software Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 / Resource Hash `cef588bc026161c06f8f09683b4dbe9478955be7d9704bf81b625725b3d495d5` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/regular/sinbc/src/css/main.css Origin https://vivabolsaalt.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Fri, 24 May 2024 00:12:27 GMT Last-Modified Tue, 26 Mar 2024 11:50:36 GMT Server Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 ETag "31e0-6148ee5f1bb00" Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 12768
GET		favicon.ico login2.caixa.gov.br/auth/resources/7.3.3.ga/login/LoginCaixa2Passos/images/icons/	0 0

GET H3	200	free-fa-solid-900.woff2 ka-f.fontawesome.com/releases/v6.5.2/webfonts/	153 KB 153 KB	22ms 20ms	Font font/woff2	172.67.139.119 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ka-f.fontawesome.com/releases/v6.5.2/webfonts/free-fa-solid-900.woff2 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `41dca0965bdfd255f85e7fc8e9a3dc1fe3eb810996c553d4ef2b8872737ee825` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://vivabolsaalt.xyz/ Origin https://vivabolsaalt.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 00:12:29 GMT via 1.1 b25bc331cb2e5e7e25d9488f5ecdc940.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-cf-pop FRA56-C2 age 1676 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 content-length 156388 last-modified Tue, 02 Apr 2024 15:51:14 GMT server cloudflare etag "ae015e3286ef56a0daf8e83838a32a88" access-control-max-age 3000 access-control-allow-methods GET content-type font/woff2 access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NBjtKwFlg%2BEFPF1%2FkV36SoIgctHd1wK71vDnH%2FuLdjggjUYRcPy%2BoAJiR%2Flly5YUwQJkT4WkFh1lUC1UWdHQk%2BVZTXmEZGo2u5RmoiAPPApzAlsWA8bDPK5NcM39JdQBObOSD%2FEoMg%3D%3D"}],"group":"cf-nel","max_age":604800} cache-control max-age=31556926 vary Accept-Encoding accept-ranges bytes cf-ray 8889130e6e901968-FRA access-control-allow-headers fa-kit-token x-amz-cf-id jr3CfCtxBOmuraKIrgSju3sWC8LlYML8uRP_lYUa0HN8XEX0PBG4bw==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: login2.caixa.gov.br
URL: https://login2.caixa.gov.br/auth/resources/7.3.3.ga/login/LoginCaixa2Passos/images/icons/favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Caixa (Government)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ka-f.fontawesome.com
kit.fontawesome.com
login2.caixa.gov.br
vivabolsaalt.xyz
login2.caixa.gov.br
172.67.139.119
191.101.131.77
2606:4700:4400::ac40:93bc
3e9c73fa687cd4110688668977a7caa87f5a1dee0d11f03687bd4871deedf1c1
410729346ef59cbe59181b16bff06b2814d4dd9d4050a1b186c099e53f999bce
41dca0965bdfd255f85e7fc8e9a3dc1fe3eb810996c553d4ef2b8872737ee825
429ba48e0f88154f31400fa7c82a01147b45af81a54f4a8c2f76c432cacadd9b
7f261857e56c0bc826d1be0085cba7cf1026929143e30a54960ef44366eac80c
8f2b351d5e3a3b42e0467f8be9886948c60aa78ac465e2a5397ace232bcef0dc
9699b18200a9d40ed7859411c33cfa2194174a4746d466123107f888d93dc878
999d0a19558081a4cde09a125b0bf2dab68fca2ecab40433fe441380150b5942
9ec667383b1953d0476cb9a260aa9db3a3042a2143665f71c7c5f04be9eb2179
a10b2226b24cb524fc090fc6b617601ddfa9c6bfc32b95c415b8057f0b32b340
ac0087389428486b18220845da171874e351cc32a35ebd51e05f803872385184
c749ca2b9938f4a05b33e1a2542fcf674262684cb2b9aca7881ffa437e91520f
cef588bc026161c06f8f09683b4dbe9478955be7d9704bf81b625725b3d495d5
e1dc27b700a62c005e4521b670cac08fb0b4b3e02a73c1ac44e7f9a9784bd672
eb36e7473ecb490885c097151ae7b39578df4140aaf254db51b4082f83840dc1
f4e953827930889e844103c3a6771bd2e9de17d091b36378c40362271858e075
fe03ef0a5331ed3d691947d45db8fedecc17e26d8046176e814b1cbdaaa9734b

vivabolsaalt.xyz Open in urlscan Pro 191.101.131.77 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

94 %HTTPS

33 %IPv6

3 Domains

4 Subdomains

4 IPs

2 Countries

655 kBTransfer

759 kBSize

0 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

vivabolsaalt.xyz Open in urlscan Pro
191.101.131.77 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

94 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

655 kB
Transfer

759 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!