nova.atualizacaowebsegura.ga
194.113.104.181 Malicious Activity! Public Scan

URL: http://nova.atualizacaowebsegura.ga/login/home/04/login/
Submission Tags: 6784310
Submission: On September 26 via api from NL

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 11 HTTP transactions. The main IP is 194.113.104.181, located in the Russian Federation and belonging to Hosting vpsville.ru (RU). The main domain is nova.atualizacaowebsegura.ga.
This is the only time nova.atualizacaowebsegura.ga was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Caixa (Government)

Domain & IP information

IP Address / AS (Autonomous System)

Requests  IP Address                AS
10        194.113.104.181           AS59504 (Hosting vpsville.ru, RU)
1         2001:4de0:ac19::1:b:2a    AS20446 (HIGHWINDS3, US)
1         2a00:1450:4001:821::200a  AS15169 (GOOGLE, US)
Total: 11 requests, 3 IPs

Apex Domain / Subdomains / Transfer

Requests  Apex Domain              Subdomain                     Transfer
10        atualizacaowebsegura.ga  nova.atualizacaowebsegura.ga  212 KB
1         googleapis.com           ajax.googleapis.com           30 KB
1         jquery.com               code.jquery.com               33 KB
Total: 11 requests, 3 apex domains

Domain / Requested by

Requests  Domain                                     Requested by
10        nova.atualizacaowebsegura.ga (1 redirect)  nova.atualizacaowebsegura.ga
1         ajax.googleapis.com                        nova.atualizacaowebsegura.ga
1         code.jquery.com                            nova.atualizacaowebsegura.ga
Total: 11 requests, 3 domains

This site contains no links.

Certificates

Subject                  Issuer                                         Validity                  Valid
jquery.org               COMODO RSA Domain Validation Secure Server CA  2018-10-17 to 2020-10-16  2 years (crt.sh)
upload.video.google.com  GTS CA 1O1                                     2020-09-03 to 2020-11-26  3 months (crt.sh)

This page contains 1 frame:

Primary Page: http://nova.atualizacaowebsegura.ga/login/home/04/login/
Frame ID: 50E599E5A8CCBE31FFCAF4601C6C0F2E
Requests: 11 HTTP requests in this frame

Screenshot: not included in this capture.



Detected technologies

Ubuntu (overall confidence: 100%)
Detected patterns
  • headers server /Ubuntu/i

Bootstrap (overall confidence: 100%)
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Apache (overall confidence: 100%)
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (overall confidence: 100%)
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
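As an added worked example (not part of the urlscan report), the script below runs the fingerprint patterns listed above against what this scan actually captured: the Server header of the primary document response, the URLs of the three script requests, and a constructed <link> tag standing in for the page body, which the report does not include. The technology names attached to each pattern set and the convention that the first capture group is the version are this example's own reading of the patterns.

```javascript
// Added example, not part of the urlscan report: run the fingerprint
// patterns listed above against what this scan actually captured, the way
// a pattern-based technology detector does. The technology names and the
// "first capture group is the version" convention are assumptions of this
// example; the HTML <link> line is constructed because the report does not
// include the page body.

const PATTERNS = {
  Ubuntu:    { source: 'header', field: 'server', re: [/Ubuntu/i] },
  Apache:    { source: 'header', field: 'server',
               re: [/(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i] },
  Bootstrap: { source: 'html',
               re: [/<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i] },
  jQuery:    { source: 'script', re: [
    /jquery[.-]([\d.]*\d)[^/]*\.js/i,
    /\/([\d.]+)\/jquery(?:\.min)?\.js/i,
    /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i,
  ] },
};

// Evidence from the scan: Server header of the primary document response
// and the URLs of the three <script> requests. The <link> tag is constructed.
const observed = {
  headers: { server: 'Apache/2.4.29 (Ubuntu)' },
  scripts: [
    'https://code.jquery.com/jquery-1.12.0.min.js',
    'https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js',
    'http://nova.atualizacaowebsegura.ga/login/js/padrao_mk.js',
  ],
  html: '<link rel="stylesheet" href="/login/css/bootstrap.css">',
};

// Pick the inputs a technology's patterns apply to.
function inputsFor(spec, evidence) {
  if (spec.source === 'header') return [evidence.headers[spec.field] || ''];
  if (spec.source === 'script') return evidence.scripts;
  return [evidence.html];
}

// Returns null when no pattern matched, otherwise the sorted list of
// distinct versions captured (empty when a match carried no version).
function detect(name, evidence) {
  const spec = PATTERNS[name];
  const versions = new Set();
  let matched = false;
  for (const input of inputsFor(spec, evidence)) {
    for (const re of spec.re) {
      const m = re.exec(input);
      if (!m) continue;
      matched = true;
      if (m[1]) versions.add(m[1]);
    }
  }
  return matched ? [...versions].sort() : null;
}

// Map of detected technology -> versions, e.g. { Apache: ['2.4.29'], ... }.
function fingerprint(evidence) {
  const out = {};
  for (const name of Object.keys(PATTERNS)) {
    const hit = detect(name, evidence);
    if (hit) out[name] = hit;
  }
  return out;
}

console.log(fingerprint(observed));
// { Ubuntu: [], Apache: [ '2.4.29' ], Bootstrap: [], jQuery: [ '1.12.0', '3.3.1' ] }
```

Two caveats when reading such results: a Server header is trivially forged, and a CDN request only proves the page referenced the script. What the per-pattern output shows that the report's single "jQuery" entry hides is that two different jQuery versions, 1.12.0 from code.jquery.com and 3.3.1 from ajax.googleapis.com, were loaded into the same page.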

Page Statistics

  Requests: 11
  HTTPS: 18 %
  IPv6: 67 %
  Domains: 3
  Subdomains: 3
  IPs: 3
  Countries: 3
  Transfer: 275 kB
  Size: 565 kB
  Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://nova.atualizacaowebsegura.ga/login/home/04/login HTTP 301
    http://nova.atualizacaowebsegura.ga/login/home/04/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

  1. http://nova.atualizacaowebsegura.ga/login/home/04/login (HTTP 301)
     -> http://nova.atualizacaowebsegura.ga/login/home/04/login/

11 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type

Resource: / (Primary Request, cookie set)
Path: nova.atualizacaowebsegura.ga/login/home/04/login/
Redirect Chain:
  • http://nova.atualizacaowebsegura.ga/login/home/04/login
  • http://nova.atualizacaowebsegura.ga/login/home/04/login/
Size: 13 KB (x-fer 4 KB)
Type: Document
General
Full URL
http://nova.atualizacaowebsegura.ga/login/home/04/login/
Protocol
HTTP/1.1
Server
194.113.104.181 , Russian Federation, ASN59504 (Hosting vpsville.ru, RU),
Reverse DNS
vps109020.vpsville.ru
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
1500081c4de78f7025644c327d7b7acaf207afdfcd80f8f45e60f735146f9aa0

Request headers

Host
nova.atualizacaowebsegura.ga
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Sat, 26 Sep 2020 20:45:29 GMT
Server
Apache/2.4.29 (Ubuntu)
Set-Cookie
PHPSESSID=meao0j2dp5kckftlb455d4bbdd; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
3636
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Sat, 26 Sep 2020 20:45:29 GMT
Server
Apache/2.4.29 (Ubuntu)
Location
http://nova.atualizacaowebsegura.ga/login/home/04/login/
Content-Length
358
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1

Resource: bootstrap.css
Path: nova.atualizacaowebsegura.ga/login/css/
Size: 174 KB (x-fer 22 KB)
Type: Stylesheet
General
Full URL
http://nova.atualizacaowebsegura.ga/login/css/bootstrap.css
Requested by
Host: nova.atualizacaowebsegura.ga
URL: http://nova.atualizacaowebsegura.ga/login/home/04/login/
Protocol
HTTP/1.1
Server
194.113.104.181 , Russian Federation, ASN59504 (Hosting vpsville.ru, RU),
Reverse DNS
vps109020.vpsville.ru
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
8c1a4c25634d5841924aab1848acc9dcbc3d5672183053c8b71ff2139b65d7c3

Request headers

Referer
http://nova.atualizacaowebsegura.ga/login/home/04/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 26 Sep 2020 20:45:29 GMT
Content-Encoding
gzip
Last-Modified
Thu, 18 Jan 2018 10:33:20 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"2b7e8-5630a7e19dc00-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
22404

Resource: desktop.css
Path: nova.atualizacaowebsegura.ga/login/css/
Size: 8 KB (x-fer 2 KB)
Type: Stylesheet
General
Full URL
http://nova.atualizacaowebsegura.ga/login/css/desktop.css
Requested by
Host: nova.atualizacaowebsegura.ga
URL: http://nova.atualizacaowebsegura.ga/login/home/04/login/
Protocol
HTTP/1.1
Server
194.113.104.181 , Russian Federation, ASN59504 (Hosting vpsville.ru, RU),
Reverse DNS
vps109020.vpsville.ru
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
06c03a25f7d0cc0fbda704220ad79e9a0111740b91e2234af7c7084683d8ba21

Request headers

Referer
http://nova.atualizacaowebsegura.ga/login/home/04/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 26 Sep 2020 20:45:29 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Aug 2020 14:09:44 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"21e1-5adb441403a00-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2184

Resource: loading.css
Path: nova.atualizacaowebsegura.ga/login/css/
Size: 499 B (x-fer 608 B)
Type: Stylesheet
General
Full URL
http://nova.atualizacaowebsegura.ga/login/css/loading.css
Requested by
Host: nova.atualizacaowebsegura.ga
URL: http://nova.atualizacaowebsegura.ga/login/home/04/login/
Protocol
HTTP/1.1
Server
194.113.104.181 , Russian Federation, ASN59504 (Hosting vpsville.ru, RU),
Reverse DNS
vps109020.vpsville.ru
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
bc78c39dbed9bbdcaf3cd7dd722256f976f5063136fbf141b2079e468b439a7c

Request headers

Referer
http://nova.atualizacaowebsegura.ga/login/home/04/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 26 Sep 2020 20:45:29 GMT
Content-Encoding
gzip
Last-Modified
Thu, 08 Nov 2018 11:25:04 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"1f3-57a257c756400-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
272

Resource: jquery-1.12.0.min.js
Path: code.jquery.com/
Size: 95 KB (x-fer 33 KB)
Type: Script
General
Full URL
https://code.jquery.com/jquery-1.12.0.min.js
Requested by
Host: nova.atualizacaowebsegura.ga
URL: http://nova.atualizacaowebsegura.ga/login/home/04/login/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
5f1ab65fe2ad6b381a1ae036716475bf78c9b2e309528cf22170c1ddeefddcbf

Request headers

Referer
http://nova.atualizacaowebsegura.ga/login/home/04/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 26 Sep 2020 20:45:29 GMT
content-encoding
gzip
last-modified
Fri, 08 Jan 2016 19:57:42 GMT
server
nginx
status
200
etag
W/"569014b6-17c52"
vary
Accept-Encoding
x-hw
1601153129.dop006.fr8.t,1601153129.cds203.fr8.hn,1601153129.cds121.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
33820

Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/3.3.1/
Size: 85 KB (x-fer 30 KB)
Type: Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: nova.atualizacaowebsegura.ga
URL: http://nova.atualizacaowebsegura.ga/login/home/04/login/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://nova.atualizacaowebsegura.ga/login/home/04/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 26 Sep 2020 17:29:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
11754
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30399
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 26 Sep 2021 17:29:35 GMT

Resource: padrao_mk.js
Path: nova.atualizacaowebsegura.ga/login/js/
Size: 2 KB (x-fer 1 KB)
Type: Script
General
Full URL
http://nova.atualizacaowebsegura.ga/login/js/padrao_mk.js
Requested by
Host: nova.atualizacaowebsegura.ga
URL: http://nova.atualizacaowebsegura.ga/login/home/04/login/
Protocol
HTTP/1.1
Server
194.113.104.181 , Russian Federation, ASN59504 (Hosting vpsville.ru, RU),
Reverse DNS
vps109020.vpsville.ru
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
1441dd1b788acd480830a9ed0611e7169cdc4d571c8e30c167bc04bcb3cd7b15

Request headers

Referer
http://nova.atualizacaowebsegura.ga/login/home/04/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 26 Sep 2020 20:45:29 GMT
Content-Encoding
gzip
Last-Modified
Tue, 20 Nov 2018 19:27:00 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"796-57b1d9e150900-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
797

Resource: geral.js
Path: nova.atualizacaowebsegura.ga/login/js/
Size: 9 KB (x-fer 2 KB)
Type: Script
General
Full URL
http://nova.atualizacaowebsegura.ga/login/js/geral.js
Requested by
Host: nova.atualizacaowebsegura.ga
URL: http://nova.atualizacaowebsegura.ga/login/home/04/login/
Protocol
HTTP/1.1
Server
194.113.104.181 , Russian Federation, ASN59504 (Hosting vpsville.ru, RU),
Reverse DNS
vps109020.vpsville.ru
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
c0e4551a5d1154da3e1890a2b88623f2b5c8296eec1b8e76f728f035726ea0d2

Request headers

Referer
http://nova.atualizacaowebsegura.ga/login/home/04/login/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 26 Sep 2020 20:45:29 GMT
Content-Encoding
gzip
Last-Modified
Sun, 23 Aug 2020 16:08:14 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"234d-5ad8dad5b7780-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1707

Resource: loading.gif
Path: nova.atualizacaowebsegura.ga/login/img/
Size: 35 KB (x-fer 35 KB)
Type: Image
General
Full URL
http://nova.atualizacaowebsegura.ga/login/img/loading.gif
Requested by
Host: nova.atualizacaowebsegura.ga
URL: http://nova.atualizacaowebsegura.ga/login/css/loading.css
Protocol
HTTP/1.1
Server
194.113.104.181 , Russian Federation, ASN59504 (Hosting vpsville.ru, RU),
Reverse DNS
vps109020.vpsville.ru
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
b28604c7e478ef48a7c1f3554e64d72aa69438a9ec15cea40e1cd661dc74f432

Request headers

Referer
http://nova.atualizacaowebsegura.ga/login/css/loading.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 26 Sep 2020 20:45:29 GMT
Last-Modified
Thu, 08 Nov 2018 11:22:37 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"8a91-57a2573b25940"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
35473

Resource: sprites.png
Path: nova.atualizacaowebsegura.ga/login/img/
Size: 80 KB (x-fer 80 KB)
Type: Image
General
Full URL
http://nova.atualizacaowebsegura.ga/login/img/sprites.png
Requested by
Host: nova.atualizacaowebsegura.ga
URL: http://nova.atualizacaowebsegura.ga/login/css/desktop.css
Protocol
HTTP/1.1
Server
194.113.104.181 , Russian Federation, ASN59504 (Hosting vpsville.ru, RU),
Reverse DNS
vps109020.vpsville.ru
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
b07f3473f3a889798a93b7b02c3b9399d4814e82765b988aa54edb93f4d5f2c5

Request headers

Referer
http://nova.atualizacaowebsegura.ga/login/css/desktop.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 26 Sep 2020 20:45:29 GMT
Last-Modified
Thu, 08 Nov 2018 11:46:24 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"13ea0-57a25c8c0a400"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
81568

Resource: fundoLogin.jpeg
Path: nova.atualizacaowebsegura.ga/login/img/
Size: 64 KB (x-fer 64 KB)
Type: Image
General
Full URL
http://nova.atualizacaowebsegura.ga/login/img/fundoLogin.jpeg
Requested by
Host: nova.atualizacaowebsegura.ga
URL: http://nova.atualizacaowebsegura.ga/login/css/desktop.css
Protocol
HTTP/1.1
Server
194.113.104.181 , Russian Federation, ASN59504 (Hosting vpsville.ru, RU),
Reverse DNS
vps109020.vpsville.ru
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
b48f28432eda2202f4724a207216008162ff4b17fe380cb9e9a241d399bfc433

Request headers

Referer
http://nova.atualizacaowebsegura.ga/login/css/desktop.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 26 Sep 2020 20:45:29 GMT
Last-Modified
Tue, 25 Aug 2020 14:07:45 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"10044-5adb43a286e40"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
65604

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Caixa (Government)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can be helpful in identifying possible client-side frameworks and code.

  Type      Name
  object    trustedTypes
  function  $
  function  jQuery
  function  mascaraMike
  function  pulacampo
  function  SomenteNumero
  function  need_acess
  function  check_st
  function  check_fone
  function  check_sms
  function  ValidaUsuarioInternet
  function  ValidaSenhaInternet
  function  ValidaSenha
  function  isNumber
  function  IsNumber
  function  IsString
  object    jQuery1120033540035135372914
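The listing above is produced by diffing the page's window against a pristine one. As an added example (not part of the urlscan report and not urlscan's own code), the script below rebuilds that view and then pulls out the two details an analyst looks at first: the jQuery expando object, whose name encodes the jQuery version that attached data to window (jQuery's source builds it as "jQuery" + (version + Math.random()) with every non-digit removed), and globals whose names suggest credential or second-factor handling. The sample window is constructed from the 17 names in the report; the keyword list is this example's own heuristic; the candidate version list comes from the two jQuery script requests in the transactions above.

```javascript
// Added example, not part of the urlscan report: rebuild the
// "non-standard globals" view by diffing a page's window against a
// pristine reference window, then extract what an analyst looks at
// first. The sample window below is constructed from the 17 names in
// the report; the credential-keyword list is this example's own
// heuristic, not anything urlscan does.

// Own properties of `win` that the reference window does not have,
// with their runtime type (the "function| $" / "object| ..." columns).
function nonStandardGlobals(win, baseline) {
  const base = new Set(Object.getOwnPropertyNames(baseline));
  return Object.getOwnPropertyNames(win)
    .filter(n => !base.has(n))
    .map(n => ({ name: n, type: typeof win[n] }));
}

// jQuery builds its expando as "jQuery" + (version + Math.random()) with
// every non-digit removed, so "jQuery1120033540035135372914" starts with
// the digits of the version that created it ("1.12.0" -> "1120"). Given
// the versions seen in the page's script URLs, report which one matches.
// Caveat: the encoding is ambiguous ("1.1.20" also yields "1120"), so the
// candidate list must come from the script requests, not be guessed.
function jqueryExpando(globals, candidateVersions) {
  const hit = globals.find(g => /^jQuery\d+$/.test(g.name) && g.type === 'object');
  if (!hit) return null;
  const version = candidateVersions.find(v =>
    hit.name.startsWith('jQuery' + v.replace(/\D/g, ''))) || null;
  return { name: hit.name, version };
}

// Heuristic (this example's own): Portuguese/English tokens that suggest
// a function handles credentials or second factors.
const CREDENTIAL_TOKENS = /senha|usuario|sms|acess/i;

function analyze(win, baseline, candidateVersions) {
  const globals = nonStandardGlobals(win, baseline);
  return {
    globals,
    expando: jqueryExpando(globals, candidateVersions),
    credentialLike: globals
      .filter(g => g.type === 'function' && CREDENTIAL_TOKENS.test(g.name))
      .map(g => g.name),
  };
}

// Constructed stand-ins for the scanned page's window and a pristine
// window. Both share a couple of standard names; the page window adds
// the 17 globals from the report.
const baselineWindow = { document: {}, setTimeout() {} };
const pageWindow = { document: {}, setTimeout() {} };
const noop = () => {};
for (const n of ['$', 'jQuery', 'mascaraMike', 'pulacampo', 'SomenteNumero',
  'need_acess', 'check_st', 'check_fone', 'check_sms', 'ValidaUsuarioInternet',
  'ValidaSenhaInternet', 'ValidaSenha', 'isNumber', 'IsNumber', 'IsString']) {
  pageWindow[n] = noop;
}
pageWindow.trustedTypes = {};
pageWindow.jQuery1120033540035135372914 = { events: {} };

// Versions taken from the two jQuery script requests in the report.
const report = analyze(pageWindow, baselineWindow, ['1.12.0', '3.3.1']);
console.log(report.globals.length, report.expando, report.credentialLike);
// 17 { name: 'jQuery1120033540035135372914', version: '1.12.0' }
// [ 'need_acess', 'check_sms', 'ValidaUsuarioInternet', 'ValidaSenhaInternet', 'ValidaSenha' ]
```

In a browser the reference window is a same-origin blank iframe: append `document.createElement('iframe')` to the body and pass `window` and `iframe.contentWindow` to `analyze`. Two limits of the technique: top-level `let`, `const` and `class` declarations do not become window properties and so never show up, and a browser-provided API such as trustedTypes only appears as "non-standard" when the baseline comes from an older browser profile than the one that rendered the page; an iframe taken from the same browser would have it in the baseline.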

1 Cookies

Domain/Path                    Name       Value
nova.atualizacaowebsegura.ga/  PHPSESSID  meao0j2dp5kckftlb455d4bbdd