porposta-unica.com Open in urlscan Pro
198.46.91.8  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response porposta-unica.com/aplicativo/	44 KB 11 KB	523ms 124ms	Document text/html	198.46.91.8 IMH-IAD
General Check archive.org Show headers Download Go to Full URL http://porposta-unica.com/aplicativo/ Protocol HTTP/1.1 Server 198.46.91.8 , United States, ASN54641 (IMH-IAD, US), Reverse DNS Software nginx/1.25.3 / Resource Hash 13dd82c5194e731ac899a17121c7331078cf27964f8e9d2a90a3770e9332ab54 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html Date Wed, 20 Mar 2024 22:20:00 GMT Last-Modified Wed, 17 Jan 2024 02:43:52 GMT Server nginx/1.25.3 Transfer-Encoding chunked Vary Accept-Encoding X-Proxy-Cache DISABLED
GET H2	200	disable-devtool@latest Show response cdn.jsdelivr.net/npm/	17 KB 7 KB	131ms 50ms	Script application/javascript	2606:4700::6810:5614 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/disable-devtool@latest Requested by Host: porposta-unica.com URL: http://porposta-unica.com/aplicativo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2a741550c18b132b0ef573f818fc79d6c09169be71d538b968ceac551c178ad3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer http://porposta-unica.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 20 Mar 2024 22:20:00 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 24309 x-jsd-version 0.3.7 content-encoding br x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-served-by cache-fra-eddf8230055-FRA, cache-lga21963-LGA x-jsd-version-type version server cloudflare etag W/"4372-w4TGldenTh5CcrE/nVlC0PJNCZ0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5PkJT%2FKmSJ9ZM%2Fi44Ihh4DY336p%2Bhjn9rgj9mSSR22%2BYH4azw12F11CFKsuUF1tUPpIYZ01JoJKKDDn3aWd6t%2FYRi4BYvV5fDHSUP4ece9oZ8g9RSm7YSal%2F17esr0bgVOvFq5kVvjlmVZPEFPk%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 timing-allow-origin * cf-ray 867916488ac44d91-FRA
GET H2	403	serasa-logo-full-004a91d5ce87257d803b0516311e112c.svg www.serasa.com.br/assets/web/authorization-front/2.15.4/_next/static/images/	0 0	1645ms 547ms	Image text/html	45.60.13.174 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.serasa.com.br/assets/web/authorization-front/2.15.4/_next/static/images/serasa-logo-full-004a91d5ce87257d803b0516311e112c.svg Requested by Host: porposta-unica.com URL: http://porposta-unica.com/aplicativo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.13.174 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer http://porposta-unica.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers
GET H/1.1	200 OK	application.js Show response porposta-unica.com/aplicativo/	88 KB 38 KB	127ms 126ms	Script application/javascript	198.46.91.8 IMH-IAD
General Check archive.org Show headers Download Go to Full URL http://porposta-unica.com/aplicativo/application.js Requested by Host: porposta-unica.com URL: http://porposta-unica.com/aplicativo/ Protocol HTTP/1.1 Server 198.46.91.8 , United States, ASN54641 (IMH-IAD, US), Reverse DNS Software nginx/1.25.3 / Resource Hash 9ccb382c2ebb02287433fa9d183cf49a1279f813c59811272d06275842dca617 Request headers accept-language de-DE,de;q=0.9 Referer http://porposta-unica.com/aplicativo/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Wed, 20 Mar 2024 22:20:00 GMT Content-Encoding gzip Last-Modified Mon, 12 Feb 2024 18:05:40 GMT Server nginx/1.25.3 Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Connection keep-alive X-Proxy-Cache DISABLED
GET		modal-close-74f0df029374a2c330a1b9c1073e5ef4.svg www.serasa.com.br/assets/web/authorization-front/2.15.4/_next/static/images/	0 0
GET H2	200	KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 fonts.gstatic.com/s/roboto/v30/	11 KB 11 KB	131ms 45ms	Font font/woff2	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 Requested by Host: porposta-unica.com URL: http://porposta-unica.com/aplicativo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://porposta-unica.com/ Origin http://porposta-unica.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Mon, 18 Mar 2024 13:18:48 GMT x-content-type-options nosniff age 205272 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 11028 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:50 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 18 Mar 2025 13:18:48 GMT
GET H2	200	KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 fonts.gstatic.com/s/roboto/v30/	11 KB 11 KB	124ms 39ms	Font font/woff2	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 Requested by Host: porposta-unica.com URL: http://porposta-unica.com/aplicativo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://porposta-unica.com/ Origin http://porposta-unica.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Tue, 19 Mar 2024 07:55:23 GMT x-content-type-options nosniff age 138277 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 11040 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:42 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 19 Mar 2025 07:55:23 GMT
GET H2	200	KFOmCnqEu92Fr1Me5g.woff fonts.gstatic.com/s/roboto/v30/	64 KB 64 KB	57ms 40ms	Font font/woff	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Me5g.woff Requested by Host: porposta-unica.com URL: http://porposta-unica.com/aplicativo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e41533d5c6eab361631aa3cf8bf7b8a2e6babfcc42a1aa950b2b0cd80c109b8f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://porposta-unica.com/ Origin http://porposta-unica.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Tue, 19 Mar 2024 08:00:09 GMT x-content-type-options nosniff age 137992 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 65456 x-xss-protection 0 last-modified Wed, 11 May 2022 19:25:03 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 19 Mar 2025 08:00:09 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.serasa.com.br

URL

https://www.serasa.com.br/assets/web/authorization-front/2.15.4/_next/static/images/modal-close-74f0df029374a2c330a1b9c1073e5ef4.svg

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Serasa (Financial)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| DisableDevtool function| _0x3828 function| _0x2983 function| _0x19a36a function| _0x558a84 function| formatCPF function| _0x3fc7fe function| validateCPF function| _0x48f651 function| _0x4a229d function| _0x146283

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.serasa.com.br/	1970-01-21 04:00:23	Name: visid_incap_1911258 Value: tzmSjxDlQVGHAxe5Wefa4xJh+2UAAAAAQUIPAAAAAACvmM9lpi/pmoPNhthH9BYM
			.serasa.com.br/	1969-12-31 23:59:59	Name: incap_ses_727_1911258 Value: QgIHYZiuEWy05H0I0NMWChJh+2UAAAAAvQebO5e54f7N4JOlCSHQZQ==

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: http://porposta-unica.com/aplicativo/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: http://porposta-unica.com/aplicativo/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://www.serasa.com.br/assets/web/authorization-front/2.15.4/_next/static/images/serasa-logo-full-004a91d5ce87257d803b0516311e112c.svg Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.serasa.com.br/assets/web/authorization-front/2.15.4/_next/static/images/modal-close-74f0df029374a2c330a1b9c1073e5ef4.svg Message: Failed to load resource: net::ERR_CONNECTION_CLOSED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
fonts.gstatic.com
porposta-unica.com
www.serasa.com.br
www.serasa.com.br
198.46.91.8
2606:4700::6810:5614
2a00:1450:4001:80f::2003
45.60.13.174
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44
13dd82c5194e731ac899a17121c7331078cf27964f8e9d2a90a3770e9332ab54
2a741550c18b132b0ef573f818fc79d6c09169be71d538b968ceac551c178ad3
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
9ccb382c2ebb02287433fa9d183cf49a1279f813c59811272d06275842dca617
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41533d5c6eab361631aa3cf8bf7b8a2e6babfcc42a1aa950b2b0cd80c109b8f