centralsafra.websiteseguro.com
187.45.193.209
Malicious Activity!
Public Scan
Submission: On June 26 via manual from BR
Summary
TLS certificate: Issued by GlobalSign Domain Validation CA - SHA256 - G2 on May 9th 2019. Valid for: a year.
This is the only time centralsafra.websiteseguro.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Safra Limited (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
10 | 187.45.193.209 | 27715 (Locaweb Serviços de Internet S/A)
1 | 205.185.208.52 | 20446 (HIGHWINDS3 - Highwinds Network Group)
18 | 3 |
ASN27715 (Locaweb Serviços de Internet S/A, BR)
- PTR: hm2881.locaweb.com.br
- centralsafra.websiteseguro.com

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
- PTR: vip052.ssl.hwcdn.net
- code.jquery.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | websiteseguro.com | centralsafra.websiteseguro.com | 2 MB
1 | jquery.com | code.jquery.com | 33 KB
18 | 2 | |
Requests | Domain | Requested by
---|---|---
10 | centralsafra.websiteseguro.com | centralsafra.websiteseguro.com, code.jquery.com
1 | code.jquery.com | centralsafra.websiteseguro.com
18 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
*.websiteseguro.com | GlobalSign Domain Validation CA - SHA256 - G2 | 2019-05-09 - 2020-05-09 | a year | crt.sh
jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years | crt.sh
This page contains 1 frame:
Primary Page: https://centralsafra.websiteseguro.com/
Frame ID: E36937A429524ECCDE26D2D59E363D70
Requests: 18 HTTP requests in this frame
Detected technologies

Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
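The two rules above are ordinary regular expressions applied to the Server response header and to the URL of every script the page loaded. The following is an added example, not urlscan's code, that transcribes both rules into Python and runs them over constructed inputs: the page's only script request is real, but the Server header value is assumed for illustration, since the scan reports only that the Apache rule fired and not the header text.

```python
import re

# Python transcriptions of the two detection patterns the scan reports
# (JavaScript /.../i literals on the page; re.I reproduces the i flag).
APACHE_SERVER_RE = re.compile(r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|\b)HTTPD)", re.I)
JQUERY_SCRIPT_RES = (
    re.compile(r"jquery[.-]([\d.]*\d)[^/]*\.js", re.I),              # jquery-1.12.4.min.js
    re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?", re.I),  # jquery.js?ver=1.12.4
)


def detect_web_server(response_headers):
    """Match the Server header the way the 'headers server' rule does.

    Returns ("Apache", version), with version None when the header carries
    no number, or None when the rule does not fire at all.
    """
    server = next((v for k, v in response_headers.items() if k.lower() == "server"), "")
    m = APACHE_SERVER_RE.search(server)
    return ("Apache", m.group(1)) if m else None


def detect_jquery(script_urls):
    """Apply the two 'script' rules to every script URL the document loaded.

    The first rule that matches wins; the version comes from its capture
    group and is None when the URL carries no version string.
    """
    for url in script_urls:
        for rule in JQUERY_SCRIPT_RES:
            m = rule.search(url)
            if m:
                return ("jQuery", m.group(1))
    return None


# Constructed inputs: the script URL is the one this scan requested; the
# Server header value is an assumption made for the example.
SAMPLE_HEADERS = {"Server": "Apache/2.4.29 (Ubuntu)", "Content-Type": "text/html"}
SAMPLE_SCRIPTS = ["https://code.jquery.com/jquery-1.12.4.min.js"]

if __name__ == "__main__":
    print(detect_web_server(SAMPLE_HEADERS))  # ('Apache', '2.4.29')
    print(detect_jquery(SAMPLE_SCRIPTS))      # ('jQuery', '1.12.4')
```

The jQuery match on this scan comes from the `jquery-1.12.4.min.js` request to code.jquery.com; a URL such as `jquery.js?ver=1.12.4` is caught by the second rule, and `jquery.min.js` with no version is still reported as jQuery with the version unknown. Both rules are fingerprints, not proof: a Server header is trivially spoofable and a script URL says nothing about what the file contains.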
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | centralsafra.websiteseguro.com/ | 8 KB | 8 KB | Document | text/html
GET | H/1.1 | layout.css | centralsafra.websiteseguro.com/wp-admin/ | 16 KB | 16 KB | Stylesheet | text/css
GET | H/1.1 | menu.png | centralsafra.websiteseguro.com/IMAGENS/ | 1 KB | 1 KB | Image | text/html
GET | H/1.1 | carregando.gif | centralsafra.websiteseguro.com/IMAGENS/ | 76 KB | 77 KB | Image | image/gif
GET | H/1.1 | jquery-1.12.4.min.js | code.jquery.com/ | 95 KB | 33 KB | Script | application/javascript
GET | H/1.1 | safra.png | centralsafra.websiteseguro.com/IMAGENS/ | 988 KB | 988 KB | Image | image/png
GET | H/1.1 | Parte2.png | centralsafra.websiteseguro.com/IMAGENS/ | 736 KB | 737 KB | Image | image/png
GET | | Parte3.png | centralsafra.websiteseguro.com/IMAGENS/ | 0 | 0 | | (no response)
GET | | Inicial.png | centralsafra.websiteseguro.com/IMAGENS/ | 0 | 0 | | (no response)
POST | H/1.1 | wp-admin.php | centralsafra.websiteseguro.com/wp-admin/ | 69 B | 400 B | XHR | text/html
POST | H/1.1 | wp-admin.php | centralsafra.websiteseguro.com/wp-admin/ | 69 B | 400 B | XHR | text/html
POST | H/1.1 | wp-admin.php | centralsafra.websiteseguro.com/wp-admin/ | 69 B | 342 B | XHR | text/html
POST | H/1.1 | wp-admin.php | centralsafra.websiteseguro.com/wp-admin/ | 69 B | 400 B | XHR | text/html
POST | | wp-admin.php | centralsafra.websiteseguro.com/wp-admin/ | 0 | 0 | | (no response)
POST | | wp-admin.php | centralsafra.websiteseguro.com/wp-admin/ | 0 | 0 | | (no response)
POST | | wp-admin.php | centralsafra.websiteseguro.com/wp-admin/ | 0 | 0 | | (no response)
POST | | wp-admin.php | centralsafra.websiteseguro.com/wp-admin/ | 0 | 0 | | (no response)
POST | | wp-admin.php | centralsafra.websiteseguro.com/wp-admin/ | 0 | 0 | | (no response)
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- https://centralsafra.websiteseguro.com/IMAGENS/Parte3.png
- https://centralsafra.websiteseguro.com/IMAGENS/Inicial.png
- https://centralsafra.websiteseguro.com/wp-admin/wp-admin.php
- https://centralsafra.websiteseguro.com/wp-admin/wp-admin.php
- https://centralsafra.websiteseguro.com/wp-admin/wp-admin.php
- https://centralsafra.websiteseguro.com/wp-admin/wp-admin.php
- https://centralsafra.websiteseguro.com/wp-admin/wp-admin.php
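Read as a triage list, the transaction table and the failed-request list above carry four things a responder would pull out: a response whose MIME type contradicts the resource type the browser asked for (menu.png came back as text/html), the seven requests that got no response at all, one endpoint receiving a burst of small XHR POSTs (wp-admin/wp-admin.php, nine attempts, four answered), and a single third-party host. The script below is an added example, not urlscan's code or data model: the transaction list is a constructed copy of the 18 rows above using urlscan's rounded sizes, and the MIME table and the three-POST threshold are assumptions.

```python
from collections import Counter, defaultdict

KB = 1024
PRIMARY_HOST = "centralsafra.websiteseguro.com"

# Constructed copy of the 18 rows in the transaction table above, using
# urlscan's rounded sizes (this is not urlscan's own data model):
#   (method, host, path, size, xfer, type, mime)
# A row with size 0, xfer 0 and no type/MIME is a request that got no response.
_NO_RESPONSE = (0, 0, "", "")
TRANSACTIONS = [
    ("GET", PRIMARY_HOST, "/", 8 * KB, 8 * KB, "Document", "text/html"),
    ("GET", PRIMARY_HOST, "/wp-admin/layout.css", 16 * KB, 16 * KB, "Stylesheet", "text/css"),
    ("GET", PRIMARY_HOST, "/IMAGENS/menu.png", 1 * KB, 1 * KB, "Image", "text/html"),
    ("GET", PRIMARY_HOST, "/IMAGENS/carregando.gif", 76 * KB, 77 * KB, "Image", "image/gif"),
    ("GET", "code.jquery.com", "/jquery-1.12.4.min.js", 95 * KB, 33 * KB, "Script", "application/javascript"),
    ("GET", PRIMARY_HOST, "/IMAGENS/safra.png", 988 * KB, 988 * KB, "Image", "image/png"),
    ("GET", PRIMARY_HOST, "/IMAGENS/Parte2.png", 736 * KB, 737 * KB, "Image", "image/png"),
    ("GET", PRIMARY_HOST, "/IMAGENS/Parte3.png", *_NO_RESPONSE),
    ("GET", PRIMARY_HOST, "/IMAGENS/Inicial.png", *_NO_RESPONSE),
    ("POST", PRIMARY_HOST, "/wp-admin/wp-admin.php", 69, 400, "XHR", "text/html"),
    ("POST", PRIMARY_HOST, "/wp-admin/wp-admin.php", 69, 400, "XHR", "text/html"),
    ("POST", PRIMARY_HOST, "/wp-admin/wp-admin.php", 69, 342, "XHR", "text/html"),
    ("POST", PRIMARY_HOST, "/wp-admin/wp-admin.php", 69, 400, "XHR", "text/html"),
] + [("POST", PRIMARY_HOST, "/wp-admin/wp-admin.php", *_NO_RESPONSE)] * 5

# MIME prefixes consistent with each resource type (assumed table; browsers
# accept more, but anything outside it deserves a look).
EXPECTED_MIME = {
    "Image": ("image/",),
    "Stylesheet": ("text/css",),
    "Script": ("application/javascript", "text/javascript", "application/x-javascript"),
}


def mime_mismatches(txns):
    """Paths whose response MIME type does not fit the requested resource type."""
    out = []
    for _, _, path, _, _, rtype, mime in txns:
        expected = EXPECTED_MIME.get(rtype)
        if mime and expected and not mime.startswith(expected):
            out.append(path)
    return out


def failed_requests(txns):
    """host+path of every request that received no response (0 bytes, no MIME)."""
    return [host + path for _, host, path, size, xfer, _, mime in txns
            if not mime and size == 0 and xfer == 0]


def post_endpoints(txns, min_posts=3):
    """Endpoints receiving repeated POSTs, as {host+path: (attempted, answered)}."""
    attempted, answered = Counter(), Counter()
    for method, host, path, _, _, _, mime in txns:
        if method != "POST":
            continue
        attempted[host + path] += 1
        if mime:
            answered[host + path] += 1
    return {k: (n, answered[k]) for k, n in attempted.items() if n >= min_posts}


def third_party_hosts(txns, primary=PRIMARY_HOST):
    """Every host other than the page's own, sorted."""
    return sorted({t[1] for t in txns if t[1] != primary})


def transfer_by_host(txns):
    """Bytes transferred per host (the x-fer column), for the domain summary."""
    totals = defaultdict(int)
    for _, host, _, _, xfer, _, _ in txns:
        totals[host] += xfer
    return dict(totals)


def triage(txns):
    """All four checks plus the transfer summary, keyed by finding."""
    return {
        "mime_mismatches": mime_mismatches(txns),
        "failed_requests": failed_requests(txns),
        "post_endpoints": post_endpoints(txns),
        "third_party_hosts": third_party_hosts(txns),
        "transfer_by_host": transfer_by_host(txns),
    }


if __name__ == "__main__":
    for finding, value in triage(TRANSACTIONS).items():
        print(f"{finding}: {value}")
```

On this scan the POST burst is what the "Requested by" table attributes to code.jquery.com: the XHRs are issued by jQuery on the page's behalf. The table records neither the POST bodies nor the responses, so the script only names wp-admin/wp-admin.php as the endpoint to capture in a sandbox; the page's global variables (senhaclick, LimpaSenha; senha is Portuguese for password) say what kind of form feeds it. The per-host transfer totals reproduce the 33 KB and roughly 2 MB in the domain table.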
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Safra Limited (Banking)

13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onselectstart
- object: onselectionchange
- function: queueMicrotask
- function: validate
- function: autotab
- function: $
- function: jQuery
- string: oldtext
- function: enviar
- function: LimpaSenha
- function: senhaclick
- function: letclick
- function: ddfclick0

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:
- centralsafra.websiteseguro.com
- code.jquery.com

IPs:
- 187.45.193.209
- 205.185.208.52

Hashes (SHA-256):
- 0a4508a571bd3ffb1634dd58c4af9f129bea56468186a18e108a5c5689fdd266
- 2886dd5a59bbcab81f5e02aa8849ff981c7ce441c2aff7f0bdcce2cb8055b879
- 60431ad0b48e8105326dd890ca379d3db166bd0d961d28c59574d0bb705eb4d5
- 64fc70946c3b3c1ef4167244251fbdebec1bc54c2b3aded647e6d0821a66bcc3
- 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
- bd9ffb3e93ae7e538c1148cf835d6a8c51837974348fdb1215482f5dbe599604
- e2410a36ff2dbac67c4e002f37c48a2c1f8f7f15b3a18ab6d6bb8e58abae0399
- f49b6083a9b45f3412799b55f28458458aa3021e5d89dcd27837f82e75553580