atualize.cadxtem.online Open in urlscan Pro
200.69.21.152 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://atualize.cadxtem.online/
Effective URL:
https://atualize.cadxtem.online/caixatem.php
Submission: On March 15 via manual (March 15th 2024, 7:36:32 am UTC) from DE — Scanned from DE

Summary HTTP 19 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 19 HTTP transactions. The main IP is 200.69.21.152, located in United States and belongs to A2HOSTING, US. The main domain is atualize.cadxtem.online.
TLS certificate: Issued by R3 on March 14th 2024. Valid for: 3 months.

This is the only time atualize.cadxtem.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Caixa (Government)

Domain & IP information

	IP Address	AS Autonomous System
18	200.69.21.152 200.69.21.152	55293 (A2HOSTING) (A2HOSTING)
1	52.222.214.35 52.222.214.35	16509 (AMAZON-02) (AMAZON-02)
19	2

18 200.69.21.152 (United States)

ASN55293 (A2HOSTING, US)

atualize.cadxtem.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.214.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-35.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	cadxtem.online atualize.cadxtem.online	127 KB
1	company-target.com api.company-target.com — Cisco Umbrella Rank: 3733	965 B
19	2

	Domain	Requested by
18	atualize.cadxtem.online	atualize.cadxtem.online
1	api.company-target.com	atualize.cadxtem.online
19	2

This site contains links to these domains. Also see Links.

Domain
atuacad1.com

Subject Issuer	Validity	Valid
atualize.cadxtem.online R3	`2024-03-14` - `2024-06-12`	3 months	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2023-09-27` - `2024-09-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://atualize.cadxtem.online/caixatem.php
Frame ID: 0D87E8911E62677871E8FA7B30D274E5
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CAIXA

Page URL History Show full URLs

https://atualize.cadxtem.online/ Page URL
https://atualize.cadxtem.online/caixatem.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Socket.io (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

socket\.io.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

128 kB
Transfer

288 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://atuacad1.com/auth?flow=inputUsername#faq
Title: Preciso de ajuda

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://atualize.cadxtem.online/ Page URL
https://atualize.cadxtem.online/caixatem.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response atualize.cadxtem.online/	2 KB 1 KB	671ms 214ms	Document text/html	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PHP/8.2.16 PleskLin Resource Hash `31725cd33ae578e0cf5cc135fc6fd29d24158d9eb16fee6a40c47b754c75f453` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-length 880 content-type text/html; charset=UTF-8 date Fri, 15 Mar 2024 07:36:26 GMT server nginx vary Accept-Encoding x-powered-by PHP/8.2.16 PleskLin
GET H2	200	caixatem-white.png atualize.cadxtem.online/auth_files/	17 KB 17 KB	401ms 400ms	Image image/png	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Show image Full URL https://atualize.cadxtem.online/auth_files/caixatem-white.png Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `88fb48c350619c7ede48413118c899900d5801f565f16bf2f78b23c753128c79` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:26 GMT last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag "65f32c1d-43f3" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 17395
GET H2	200	Primary Request caixatem.php Show response atualize.cadxtem.online/	9 KB 3 KB	214ms 214ms	Document text/html	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/caixatem.php Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PHP/8.2.16 PleskLin Resource Hash `d8bd3924a741b75957ee3367bbc1c900511e4e63d10da54d9204bd5929b02764` Request headers Referer https://atualize.cadxtem.online/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-length 3301 content-type text/html; charset=UTF-8 date Fri, 15 Mar 2024 07:36:29 GMT server nginx vary Accept-Encoding x-powered-by PHP/8.2.16 PleskLin
GET H2	200	socket.io.min.js.transferir Show response atualize.cadxtem.online/auth_files/	49 KB 14 KB	412ms 411ms	Script text/javascript	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/auth_files/socket.io.min.js.transferir Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/caixatem.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `83df4abc7eec941f1d29ae254e80bac0bb82d398fbe2e8ee4ea2a7efc8e704f1` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/caixatem.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:29 GMT content-encoding br last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag W/"65f32c1d-c244" x-powered-by PleskLin content-type text/javascript
GET H2	200	sessionHelpers.js.transferir Show response atualize.cadxtem.online/auth_files/	7 KB 2 KB	620ms 619ms	Script text/javascript	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/auth_files/sessionHelpers.js.transferir Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/caixatem.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `6be86aba8fa17533af934b82b5eda173ce02dbd969372608406179648cce4779` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/caixatem.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:29 GMT content-encoding br last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag W/"65f32c1d-1bf6" x-powered-by PleskLin content-type text/javascript
GET H2	200	main.css atualize.cadxtem.online/auth_files/	25 KB 4 KB	210ms 210ms	Stylesheet text/css	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/auth_files/main.css Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/caixatem.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `3fd4831c4c7cdc3d26a978b40241a16a7795c65d9f0f9c0b887602b719007a4a` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/caixatem.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:29 GMT content-encoding br last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag W/"65f32c1d-621f" x-powered-by PleskLin content-type text/css
GET H2	200	fsso.css atualize.cadxtem.online/auth_files/	1 KB 521 B	213ms 213ms	Stylesheet text/css	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/auth_files/fsso.css Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/caixatem.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `736161c02d6980a800ee35c57b869cbd6f352c411203b89e794b53edc56cdf5e` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/caixatem.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:29 GMT content-encoding br last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag W/"65f32c1d-4fa" x-powered-by PleskLin content-type text/css
GET H2	200	jquery.js.transferir Show response atualize.cadxtem.online/auth_files/	85 KB 29 KB	618ms 617ms	Script text/javascript	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/auth_files/jquery.js.transferir Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/caixatem.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `99e691fae5e88eb36bafb24758b35f0f990708295f8f2abe2221891e328f776a` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/caixatem.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:29 GMT content-encoding br last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag W/"65f32c1d-155ed" x-powered-by PleskLin content-type text/javascript
GET H2	200	imask.min.js.transferir Show response atualize.cadxtem.online/auth_files/	44 KB 12 KB	620ms 619ms	Script text/javascript	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/auth_files/imask.min.js.transferir Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/caixatem.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `63c6bca75c5ba6da5336acef9f07f249f52b6ef6343f5d1ec46916139b30ee16` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/caixatem.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:29 GMT content-encoding br last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag W/"65f32c1d-b1f1" x-powered-by PleskLin content-type text/javascript
GET H2	200	validate.js.transferir Show response atualize.cadxtem.online/auth_files/	4 KB 1 KB	619ms 618ms	Script text/javascript	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/auth_files/validate.js.transferir Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/caixatem.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `eb545b8ac4e9673641214567329f2d88a8546e1a7a10e0be37ce709fd94f0fb4` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/caixatem.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:29 GMT content-encoding br last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag W/"65f32c1d-116b" x-powered-by PleskLin content-type text/javascript
GET H2	200	logo-caixa.png atualize.cadxtem.online/auth_files/	4 KB 4 KB	420ms 420ms	Image image/png	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Show image Full URL https://atualize.cadxtem.online/auth_files/logo-caixa.png Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/caixatem.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `a10b2226b24cb524fc090fc6b617601ddfa9c6bfc32b95c415b8057f0b32b340` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/caixatem.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:29 GMT last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag "65f32c1d-1083" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 4227
GET H2	200	interrogacao.svg atualize.cadxtem.online/auth_files/	1021 B 1 KB	619ms 619ms	Image image/svg+xml	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Show image Full URL https://atualize.cadxtem.online/auth_files/interrogacao.svg Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/caixatem.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `eb36e7473ecb490885c097151ae7b39578df4140aaf254db51b4082f83840dc1` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/caixatem.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:29 GMT last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx x-accel-version 0.01 etag "3fd-613a1c3df2783" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 1021
GET H2	200	caixatem-white.png atualize.cadxtem.online/auth_files/	17 KB 17 KB	212ms 212ms	Image image/png	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Show image Full URL https://atualize.cadxtem.online/auth_files/caixatem-white.png Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/caixatem.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `88fb48c350619c7ede48413118c899900d5801f565f16bf2f78b23c753128c79` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/caixatem.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:29 GMT last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag "65f32c1d-43f3" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 17395
GET H2	200	helpers.js.transferir Show response atualize.cadxtem.online/auth_files/	4 KB 1 KB	213ms 213ms	Script text/javascript	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/auth_files/helpers.js.transferir Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/caixatem.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `9e6b31e52eba36a38459ecf9305ff986e9268a7ce2498177ff30f0b0a8f81886` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/caixatem.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:30 GMT content-encoding br last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag W/"65f32c1d-1071" x-powered-by PleskLin content-type text/javascript
GET H2	200	futuraBook.woff atualize.cadxtem.online/fonts/	12 KB 13 KB	215ms 215ms	Font font/woff	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/fonts/futuraBook.woff Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/auth_files/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `cef588bc026161c06f8f09683b4dbe9478955be7d9704bf81b625725b3d495d5` Request headers Referer https://atualize.cadxtem.online/auth_files/main.css Origin https://atualize.cadxtem.online accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:30 GMT last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag "65f32c1d-31e0" x-powered-by PleskLin content-type font/woff accept-ranges bytes content-length 12768
GET H2	200	fsso.woff2 atualize.cadxtem.online/fonts/	4 KB 4 KB	218ms 218ms	Font font/woff2	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/fonts/fsso.woff2? Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/auth_files/fsso.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / PleskLin Resource Hash `f4d77754b30e09df3ae9f69513eb48fc68e092d2599cc29cd961b8254e311dbb` Request headers Referer https://atualize.cadxtem.online/auth_files/fsso.css Origin https://atualize.cadxtem.online accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:30 GMT last-modified Thu, 14 Mar 2024 16:55:57 GMT server nginx etag "65f32c1d-ea0" x-powered-by PleskLin content-type font/woff2 accept-ranges bytes content-length 3744
GET H2	404	/ Show response atualize.cadxtem.online/socket.io/	808 B 500 B	214ms 213ms	XHR text/html	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/socket.io/?EIO=4&transport=polling&t=Ov12dqN Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/auth_files/socket.io.min.js.transferir Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers Accept / Referer https://atualize.cadxtem.online/caixatem.php accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:30 GMT content-encoding br last-modified Wed, 06 Mar 2024 16:44:46 GMT server nginx etag W/"328-61300ad2c97ab" content-type text/html
GET H2	200	ip.json Show response api.company-target.com/api/v2/	462 B 965 B	69ms 45ms	Fetch application/json	52.222.214.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.company-target.com/api/v2/ip.json?key=2CK76iqJDbtbuCQe6PBhSaHiJ46DCjBlVuCVjCUN Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/auth_files/sessionHelpers.js.transferir Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.222.214.35 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-214-35.fra56.r.cloudfront.net Software nginx / Resource Hash `0ffef8de1b0718163f063c83041c0600649a7502101f5da81cd6bc42c45ca3a5` Request headers accept-language de-DE,de;q=0.9 Referer https://atualize.cadxtem.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:30 GMT identification-source CENTRAL content-encoding gzip via 1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P3 x-cache Miss from cloudfront request-id f6e9def2-53b1-43fd-96d4-2157c39c8c2b pragma no-cache server nginx access-control-max-age 7200 access-control-allow-methods GET, POST, OPTIONS content-type application/json;charset=utf-8 access-control-allow-origin https://atualize.cadxtem.online access-control-expose-headers x-amz-cf-id cache-control no-cache, no-store, max-age=0, must-revalidate access-control-allow-credentials true vary Accept-Encoding, Origin api-version v2 access-control-allow-headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id TEgyni8uE4kMbr2dc6gFkCFuj-LIlTHwAvpeOxCgHqsqrjGZiOiIVg== expires Thu, 14 Mar 2024 07:36:30 GMT
GET H2	404	/ Show response atualize.cadxtem.online/socket.io/	808 B 500 B	193ms 193ms	XHR text/html	200.69.21.152 A2HOSTING
General Check archive.org Show headers Download Go to Full URL https://atualize.cadxtem.online/socket.io/?EIO=4&transport=polling&t=Ov12eDP Requested by Host: atualize.cadxtem.online URL: https://atualize.cadxtem.online/auth_files/socket.io.min.js.transferir Protocol H2 Security TLS 1.3, , AES_256_GCM Server 200.69.21.152 , United States, ASN55293 (A2HOSTING, US), Reverse DNS Software nginx / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers Accept / Referer https://atualize.cadxtem.online/caixatem.php accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 15 Mar 2024 07:36:31 GMT content-encoding br last-modified Wed, 06 Mar 2024 16:44:46 GMT server nginx etag W/"328-61300ad2c97ab" content-type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Caixa (Government)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://atualize.cadxtem.online/socket.io/?EIO=4&transport=polling&t=Ov12dqN Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://atualize.cadxtem.online/socket.io/?EIO=4&transport=polling&t=Ov12eDP Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.company-target.com
atualize.cadxtem.online
200.69.21.152
52.222.214.35
0ffef8de1b0718163f063c83041c0600649a7502101f5da81cd6bc42c45ca3a5
31725cd33ae578e0cf5cc135fc6fd29d24158d9eb16fee6a40c47b754c75f453
3fd4831c4c7cdc3d26a978b40241a16a7795c65d9f0f9c0b887602b719007a4a
63c6bca75c5ba6da5336acef9f07f249f52b6ef6343f5d1ec46916139b30ee16
6be86aba8fa17533af934b82b5eda173ce02dbd969372608406179648cce4779
736161c02d6980a800ee35c57b869cbd6f352c411203b89e794b53edc56cdf5e
83df4abc7eec941f1d29ae254e80bac0bb82d398fbe2e8ee4ea2a7efc8e704f1
88fb48c350619c7ede48413118c899900d5801f565f16bf2f78b23c753128c79
99e691fae5e88eb36bafb24758b35f0f990708295f8f2abe2221891e328f776a
9e6b31e52eba36a38459ecf9305ff986e9268a7ce2498177ff30f0b0a8f81886
a10b2226b24cb524fc090fc6b617601ddfa9c6bfc32b95c415b8057f0b32b340
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
cef588bc026161c06f8f09683b4dbe9478955be7d9704bf81b625725b3d495d5
d8bd3924a741b75957ee3367bbc1c900511e4e63d10da54d9204bd5929b02764
eb36e7473ecb490885c097151ae7b39578df4140aaf254db51b4082f83840dc1
eb545b8ac4e9673641214567329f2d88a8546e1a7a10e0be37ce709fd94f0fb4
f4d77754b30e09df3ae9f69513eb48fc68e092d2599cc29cd961b8254e311dbb

atualize.cadxtem.online Open in urlscan Pro 200.69.21.152 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

128 kBTransfer

288 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

28 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

atualize.cadxtem.online Open in urlscan Pro
200.69.21.152 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

128 kB
Transfer

288 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!