emprestimos.meusacessos.click Open in urlscan Pro
2606:4700:3037::6815:53b3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://emprestimos.meusacessos.click/atualizar/
Submission: On February 22 via automatic, source phishtank (February 22nd 2024, 1:32:14 pm UTC) — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3037::6815:53b3, located in United States and belongs to CLOUDFLARENET, US. The main domain is emprestimos.meusacessos.click.

This is the only time emprestimos.meusacessos.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Caixa (Government)

Domain & IP information

	IP Address	AS Autonomous System
15	2606:4700:303... 2606:4700:3037::6815:53b3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2

15 2606:4700:3037::6815:53b3 (United States)

ASN13335 (CLOUDFLARENET, US)

emprestimos.meusacessos.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

userstatics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	meusacessos.click emprestimos.meusacessos.click	5 MB
1	userstatics.com userstatics.com — Cisco Umbrella Rank: 142332	707 B
16	2

	Domain	Requested by
15	emprestimos.meusacessos.click	emprestimos.meusacessos.click
1	userstatics.com	emprestimos.meusacessos.click
16	2

This site contains no links.

Subject Issuer	Validity	Valid
userstatics.com E1	`2024-01-29` - `2024-04-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://emprestimos.meusacessos.click/atualizar/
Frame ID: C65692DFFB99D570FAE2C3A0ACB87104
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Empréstimo Auxilio Brasil

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+?href="[^"]+sweetalert2(?:\.min)?\.css
sweetalert2(?:\.all)?(?:\.min)?\.js

Page Statistics

16
Requests

6 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

4667 kB
Transfer

5039 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response emprestimos.meusacessos.click/atualizar/	10 KB 4 KB	196ms 81ms	Document text/html	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `dc782bed57f5c57b83ff0f2ff79519cb4752c066d840d7862f45463d85dddc96` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers CF-Cache-Status DYNAMIC CF-RAY 859797f2f8d1782f-CDG Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Thu, 22 Feb 2024 13:32:10 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9vNgCEveT5PywbKoBeib67dgX9UjBStF58sG519R%2Bi8AsBAgJsqXeCGCaqm5A8cLxzgtauXqpQKYLCNu4ssD%2FVB9Hz7LtZBPUOfA92PX01DltbQzSKZelbeOeknMAwPCeR33x2Elhg6RG7IJl%2BwFP%2BaJCtiPMBWt6r20Bg%3D%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked alt-svc h3=":443"; ma=86400 vary Accept-Encoding
GET H/1.1	200 OK	index.css emprestimos.meusacessos.click/atualizar/css/	3 KB 2 KB	27ms 26ms	Stylesheet text/css	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://emprestimos.meusacessos.click/atualizar/css/index.css Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `df22f350b3aa8616d1717e2125575073d29ac5ed8886139b855a08ec8c657300` Request headers accept-language de-DE,de;q=0.9 Referer http://emprestimos.meusacessos.click/atualizar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT content-encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5052 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 1006 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "ba7-655a8bc6-760f24;gz" vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C8jLV3Zu4FDr6cYTvjNSOCNvSljXiJ1RaX%2Fb6wmarRxSDCu7Y55iRaYXYWZHI1BQAzewJpjNQA6htlGtQj38eX3o3bzdMRlj32Xksm9oYY2uAmJ813ZYc2sLlN%2BCw3MgCE5OxtY5luMv%2B8EPnlNlBZUJ2FlnaY9tDitLvw%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f3895a782f-CDG expires Thu, 29 Feb 2024 12:07:58 GMT
GET H/1.1	200 OK	bootstrap.min.css emprestimos.meusacessos.click/atualizar/css/	227 KB 31 KB	46ms 29ms	Stylesheet text/css	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://emprestimos.meusacessos.click/atualizar/css/bootstrap.min.css Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `16ee7f3d53462650bbd32e263c48c0ea759574fcf620c681ad719008912c461a` Request headers Referer http://emprestimos.meusacessos.click/atualizar/ Origin http://emprestimos.meusacessos.click accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT content-encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 6429 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 31125 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "38cf3-655a8bc6-760f23;gz" vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FupVAWW94UOiuertaeYgLqiOeZwX1Zl5leWALXlFH504Vo36tbEpqCkE7mMh1pw5rkRRyejJV2EHyMhP22RxNEqRz9r7%2FC1NKCnIF28K%2BWOcKhjHW7r2n0zuEF2Vn0G08AYmMa1uIcHZCrabVvhZbKo1rrhfDOhLstUWIg%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f39e646f2d-CDG expires Thu, 29 Feb 2024 11:45:01 GMT
GET H/1.1	200 OK	all.min.css emprestimos.meusacessos.click/atualizar/css/	100 KB 23 KB	60ms 32ms	Stylesheet text/css	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://emprestimos.meusacessos.click/atualizar/css/all.min.css Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4785b6972fb2353f0b4e7bb64ff081d2f3cbbfc555de4132b41cd9fb2faef104` Request headers Referer Origin http://emprestimos.meusacessos.click accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT content-encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5052 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 22373 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "18e4d-655a8bc6-760f22;gz" vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LcBr%2FuedtKx7z5tGLMhK%2BH3kJ4SGfxKAqKe87F9EaOZZAe0rKagnTMlb6DJPOV5dEIdOOhmxKjyaWM2OfsCV5B3DZzemhSh6kuvQbIQvc8gta2Dv19IuTMsl9A4vGtmsdQpP5K9pFIyvqDUCs26oZvRNE%2Bc5XYdI4jNZeg%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f3a98a782f-CDG expires Thu, 29 Feb 2024 12:07:58 GMT
GET H/1.1	200 OK	sweetalert2.min.css emprestimos.meusacessos.click/atualizar/css/	22 KB 5 KB	70ms 23ms	Stylesheet text/css	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://emprestimos.meusacessos.click/atualizar/css/sweetalert2.min.css Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b594b8d833ee6135c84734924c94bd83028fbfcfa98256c17cdb4950dbddc96e` Request headers accept-language de-DE,de;q=0.9 Referer http://emprestimos.meusacessos.click/atualizar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT content-encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 6429 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 4180 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "58a2-655a8bc6-760f25;gz" vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30aFv4yq8xsGv7qSq6zceBFI%2FYJPqFoOWDV7glS%2F1QbFqiZB%2Ft8PRBPeDiq6jHxAlEHnh7c7WC2h2FlMEvF9oPRLIQVu4bgsOJTh42udeNZCRZpB1qGRTxZMIYwytXCosaG7BUgDBabCKYpmtkKi4bNOm6BBN%2FClpRYdbA%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f3cea36f2d-CDG expires Thu, 29 Feb 2024 11:45:01 GMT
GET H/1.1	200 OK	aux_brasil.png emprestimos.meusacessos.click/atualizar/images/	24 KB 25 KB	138ms 76ms	Image image/png	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://emprestimos.meusacessos.click/atualizar/images/aux_brasil.png Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `714c76b566247379dbb72bc485b762433a0c5a19277f538bbb0daab84db031f7` Request headers accept-language de-DE,de;q=0.9 Referer http://emprestimos.meusacessos.click/atualizar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT CF-Cache-Status MISS NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 24919 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "6157-655a8bc6-760f33;;;" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UkJTLOFSr1lNMpcwa066rAncYpf%2Bz9fcfJjyldufy45L41GRsP873c%2BmyUBuaeHWM36ExzyDepbNMbzfoJyrsy%2F50FHAGWsJpuXy4Rq5i5KbM23lcjgEtpaXIFu3Dr8%2BjD7HgNDldgtwUCzmBPRB%2FrN0b4GqcUrarY%2BSSA%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/png cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f3e9bf782f-CDG expires Thu, 29 Feb 2024 13:32:10 GMT
GET H/1.1	200 OK	bolsa_familia_logo.png emprestimos.meusacessos.click/atualizar/images/	18 KB 19 KB	100ms 28ms	Image image/png	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://emprestimos.meusacessos.click/atualizar/images/bolsa_familia_logo.png Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c547741d4973888d9f430629a7c626a0dc36515ef33c7b4c8bc86a73a3360160` Request headers accept-language de-DE,de;q=0.9 Referer http://emprestimos.meusacessos.click/atualizar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 6388 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 18429 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "47fd-655a8bc6-760f34;;;" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kANIzsAiYNNuWusWoihJfOWstcTwwkcN2bNT5%2BOmlrUJ8odtEBEGb7lxeFNu9UkxciY3bsUwOCJvfIYXLQBp7ROPP%2F5KH51QCvtAVDGrKfByrttGQfJnhh%2FM%2Fp1hoetPYAolZW8yOF1YinuixHcg29Yz61H88WPck9UyEg%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/png cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f3fee36f2d-CDG expires Thu, 29 Feb 2024 11:45:42 GMT
GET H/1.1	200 OK	8638314_whatsapp_compress.png emprestimos.meusacessos.click/atualizar/images/	4 MB 4 MB	172ms 109ms	Image image/png	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://emprestimos.meusacessos.click/atualizar/images/8638314_whatsapp_compress.png Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5edac30d081073096f7d5b8e7c14841e1fc25e1488378985d058e89056943432` Request headers accept-language de-DE,de;q=0.9 Referer http://emprestimos.meusacessos.click/atualizar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 6464 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 4148019 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "3f4b33-655a8bc6-760f32;;;" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jjaq1nqi%2F89F2bsUrO364uOI%2B3%2F2aAAhny5IbB3YHS0EXhB1DXooLgTDecSyTrorSeZDVpHLFlSRVlAVw42XUIWG9yq1N9cr5kAtIyrea8hyfDDpK5CdUeqNkT3m0mOy%2FPG9L%2F%2Fb9akppoFL10PW6TutT2QtmkBhrdzgqg%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/png cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f45a7f5740-IAD expires Thu, 29 Feb 2024 11:44:26 GMT
GET H/1.1	200 OK	tutorial_1.png emprestimos.meusacessos.click/atualizar/images/	210 KB 211 KB	177ms 119ms	Image image/png	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://emprestimos.meusacessos.click/atualizar/images/tutorial_1.png Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `af3b21fef32af9e224f88c344c2a09554c5c5041e5a62f0dff96806ce8906995` Request headers accept-language de-DE,de;q=0.9 Referer http://emprestimos.meusacessos.click/atualizar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 51539 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 214999 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "347d7-655a8bc6-760f37;;;" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wFjEGlKSBTfWzo3ws%2BbQYBXWPFqrqRQY7erlFMKELsnrtKqYweUzV2H6PGg%2Bob8AGQE2w3boKGFt9td%2B71KuZ7k8A6dpNRjJmZlU2Pq%2F6wB%2BIh8U2U5CwP5KW6eCayq4QrP839XVmn48XYeLur%2B8zEE2JXV9cA7ME0fYNw%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/png cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f46d984325-EWR expires Wed, 28 Feb 2024 23:13:11 GMT
GET H/1.1	200 OK	x-volume-positiva-54-v2.png emprestimos.meusacessos.click/atualizar/images/	1 KB 2 KB	100ms 25ms	Image image/png	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://emprestimos.meusacessos.click/atualizar/images/x-volume-positiva-54-v2.png Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `311f1ab2729014aa567869f260192aa0de9283534efa405bd36d1b8d8f235270` Request headers accept-language de-DE,de;q=0.9 Referer http://emprestimos.meusacessos.click/atualizar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 6429 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 1188 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "4a4-655a8bc6-760f38;;;" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZU1ggL3lcMoyChHIfUjG2Bf6fGKhn6E9xKq3%2ByTMQzunWOjfod86Bpw5PJ%2B13VIG8wh9T5EcFIG1tB4foxdFhcK82o9DHb1pOObViNH7A7NcLI8Lt54SwMEdYjZ%2F09AkjC9nDRtGQ7uG6Ny2phyrt7ei1XptweUvpEmIA%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/png cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f45f976f2d-CDG expires Thu, 29 Feb 2024 11:45:01 GMT
GET H/1.1	200 OK	ic-acesso-informacao-54-v2.png emprestimos.meusacessos.click/atualizar/images/	2 KB 3 KB	40ms 34ms	Image image/png	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://emprestimos.meusacessos.click/atualizar/images/ic-acesso-informacao-54-v2.png Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8651eae74447f591887264b3e8d5407f67475149f8ef903840449e10f5e35604` Request headers accept-language de-DE,de;q=0.9 Referer http://emprestimos.meusacessos.click/atualizar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 6372 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 1770 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "6ea-655a8bc6-760f36;;;" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNSS4waD1mHSRvRbvbfN3vofftKiA1LRH%2BaDfqU7pOr3k8W7mnQjUjian0tZDBOz3NFhQKjNIBiEtPPEIiGVnEcADApvI7Ycdw6Y3ITyz3t3QYIPYFj9bQpw87gAfxGohDPNaznam8Q%2BdvMkYsH5WvMKwYIPsmXp%2Bj%2FEHg%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/png cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f42f376f2d-CDG expires Thu, 29 Feb 2024 11:45:58 GMT
GET H/1.1	200 OK	sweetalert2.min.js Show response emprestimos.meusacessos.click/atualizar/js/	40 KB 14 KB	98ms 29ms	Script application/x-javascript	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://emprestimos.meusacessos.click/atualizar/js/sweetalert2.min.js Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `254035f46a1e99ce2bb3c0bf1a19658809e8351e2a9d5f7ebc57193ee0a4cbf0` Request headers accept-language de-DE,de;q=0.9 Referer http://emprestimos.meusacessos.click/atualizar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT content-encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5052 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 13295 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "a179-655a8bc6-760f3e;gz" vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bo%2Fbk2FHUTb6sqMp3vExxMLjQKGL1%2BHvPUMviCCVv8KI9Zckpc%2BfFxPpXlchXf7vXILKAYS%2FP4iWHcUuTSRUwdBWBy1VKxH%2B3WZqV3RrmDiQb28t2FyQbtt4cbMyurKFqnkxlqbXrdgpeWLeLitLypfNI6Wkg3R8%2BctE2g%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/x-javascript cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f46a40782f-CDG expires Thu, 29 Feb 2024 12:07:58 GMT
GET H/1.1	200 OK	bootstrap.bundle.min.js Show response emprestimos.meusacessos.click/atualizar/js/	79 KB 24 KB	23ms 23ms	Script application/x-javascript	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://emprestimos.meusacessos.click/atualizar/js/bootstrap.bundle.min.js Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/ Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a23bc241647e57f561aef14b09c3e9c6ea14caf2358278cc725eeb179b303ea3` Request headers Referer http://emprestimos.meusacessos.click/atualizar/ Origin http://emprestimos.meusacessos.click accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT content-encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 6388 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 23466 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "13b4d-655a8bc6-760f3d;gz" vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CoA4j2zJmUWc7lbQgM7pNak3bCPoNDn4EX%2B%2BIjCSpU17Dy1BF8%2BWwpu4kZboHgUYD0hccW8P6lvorfiK7HXWaUEutfOwaFXpT4%2BvH1%2F2LYiiKDoQ3m4Kk5%2Fd%2BvyNaDqLSCbRrnQz%2F2bpAGs%2F4viVrF3rYU5ukC35ltl7WA%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/x-javascript cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f48fce6f2d-CDG expires Thu, 29 Feb 2024 11:45:42 GMT
GET H/1.1	200 OK	fa-solid-900.woff2 emprestimos.meusacessos.click/atualizar/fonts/	147 KB 147 KB	112ms 106ms	Font font/woff2	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://emprestimos.meusacessos.click/atualizar/fonts/fa-solid-900.woff2 Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/css/all.min.css Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880` Request headers Referer http://emprestimos.meusacessos.click/atualizar/css/all.min.css Origin http://emprestimos.meusacessos.click accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 5841 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 150124 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "24a6c-655a8bc6-760f2d;;;" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UtiwLuKptyWa0n8ql4fHNIDaVS%2BJYe01U4e93GDSnXckoNZ1BnT2zKkzRjgw7txv8bVxLNr5%2BttSom2TZaUA5hxT%2BQM9X9GiNa1m4sOa4R9%2BRV5z848rr5r%2BHPllaiCfBb4irVYeKDA2%2B%2FwoEnuCTWGRGWsFSfdO%2FMUUzQ%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type font/woff2 cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f459cd20c4-IAD expires Thu, 29 Feb 2024 11:54:48 GMT
GET H/1.1	200 OK	fa-brands-400.woff2 emprestimos.meusacessos.click/atualizar/fonts/	105 KB 106 KB	113ms 107ms	Font font/woff2	2606:4700:3037::6815:53b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://emprestimos.meusacessos.click/atualizar/fonts/fa-brands-400.woff2 Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/css/all.min.css Protocol HTTP/1.1 Server 2606:4700:3037::6815:53b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `748332090c4b8e20f95d0ff59f0be20fa9c889359d3b36d4b886d73376054207` Request headers Referer http://emprestimos.meusacessos.click/atualizar/css/all.min.css Origin http://emprestimos.meusacessos.click accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers Date Thu, 22 Feb 2024 13:32:10 GMT CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Age 3029 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 108020 last-modified Sun, 19 Nov 2023 22:27:18 GMT Server cloudflare etag "1a5f4-655a8bc6-760f29;;;" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Xh1h3f%2Byvppc%2Bn3%2BnqrRd6kOHaZqiwT4xisNRSzcAtC1a%2Bgeb58ZRidqVtOPqkRBqyV0reRpp7JHSNKX3DNkQROhZITo53LDEO1IFwCm%2FpZvTwZ1NDtzjV6777IIEGa2iace2NdHMMfutBE89RBkT4krL6%2FWUTHvTT8DQ%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type font/woff2 cache-control public, max-age=604800 Accept-Ranges bytes CF-RAY 859797f45f0343a6-EWR expires Thu, 29 Feb 2024 12:41:41 GMT
GET H2	200	script.js Show response userstatics.com/get/	133 B 707 B	82ms 42ms	Script text/html	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://userstatics.com/get/script.js?referrer=http://emprestimos.meusacessos.click/atualizar/ Requested by Host: emprestimos.meusacessos.click URL: http://emprestimos.meusacessos.click/atualizar/js/bootstrap.bundle.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.2.1 Resource Hash `df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26` Request headers accept-language de-DE,de;q=0.9 Referer http://emprestimos.meusacessos.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36 Response headers date Thu, 22 Feb 2024 13:32:11 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.2.1 vary Accept-Encoding access-control-allow-methods GET, POST content-type text/html; charset=utf-8 access-control-allow-origin http://emprestimos.meusacessos.click report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uMgr9oBz714OCt7vRy7Z19ztSbQS4FvavAVYrc1AeOi%2Bo5Kpb9fDQ7CDPF07TEg9dEew56o4rQQW%2F3F3rB0Lscfj1l5y%2FK4JQDUdUmG5RogA8fhKRuIy3jzbL7AbNWHtaWs%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-credentials true cf-ray 859797fb3d7266ac-AMS access-control-allow-headers X-Requested-With,content-type alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Caixa (Government)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			emprestimos.meusacessos.click/atualizar	1970-01-20 18:37:28	Name: PHPREFS Value: full

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

emprestimos.meusacessos.click
userstatics.com
188.114.96.3
2606:4700:3037::6815:53b3
16ee7f3d53462650bbd32e263c48c0ea759574fcf620c681ad719008912c461a
254035f46a1e99ce2bb3c0bf1a19658809e8351e2a9d5f7ebc57193ee0a4cbf0
311f1ab2729014aa567869f260192aa0de9283534efa405bd36d1b8d8f235270
4785b6972fb2353f0b4e7bb64ff081d2f3cbbfc555de4132b41cd9fb2faef104
5edac30d081073096f7d5b8e7c14841e1fc25e1488378985d058e89056943432
714c76b566247379dbb72bc485b762433a0c5a19277f538bbb0daab84db031f7
7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880
748332090c4b8e20f95d0ff59f0be20fa9c889359d3b36d4b886d73376054207
8651eae74447f591887264b3e8d5407f67475149f8ef903840449e10f5e35604
a23bc241647e57f561aef14b09c3e9c6ea14caf2358278cc725eeb179b303ea3
af3b21fef32af9e224f88c344c2a09554c5c5041e5a62f0dff96806ce8906995
b594b8d833ee6135c84734924c94bd83028fbfcfa98256c17cdb4950dbddc96e
c547741d4973888d9f430629a7c626a0dc36515ef33c7b4c8bc86a73a3360160
dc782bed57f5c57b83ff0f2ff79519cb4752c066d840d7862f45463d85dddc96
df22f350b3aa8616d1717e2125575073d29ac5ed8886139b855a08ec8c657300
df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26

emprestimos.meusacessos.click Open in urlscan Pro 2606:4700:3037::6815:53b3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

6 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

4667 kBTransfer

5039 kBSize

1 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

Indicators

emprestimos.meusacessos.click Open in urlscan Pro
2606:4700:3037::6815:53b3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

6 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

4667 kB
Transfer

5039 kB
Size

1
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!