![](/screenshots/e8bde3e0-4ad2-47f2-98ce-40b04bd3c2b1.png)
pacoscontas.pt
94.126.169.121
Malicious Activity!
Public Scan
Effective URL: https://pacoscontas.pt/.Secure/login/2018/cembra/fr.htm
Submission: On May 30 via automatic, source openphish
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on April 8th 2018. Valid for: 3 months.
This is the only time pacoscontas.pt was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Mastercard (Financial)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 80.78.250.67 | 197695 (AS-REG)
19 | 94.126.169.121 | 8426 (CLARANET-AS ClaraNET LTD)
Totals: 19 requests, 2 IP addresses
ASN8426 (CLARANET-AS ClaraNET LTD, GB)
PTR: cpanel21.dnscpanel.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
19 | pacoscontas.pt (1 redirects) | pacoscontas.pt | 150 KB
1 | gslapshina.ru | www.gslapshina.ru | 377 B
Totals: 19 requests, 2 apex domains
Requests | Domain | Requested by
---|---|---
19 | pacoscontas.pt (1 redirects) | pacoscontas.pt
1 | www.gslapshina.ru |
Totals: 19 requests, 2 domains
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
pacoscontas.pt | Let's Encrypt Authority X3 | 2018-04-08 - 2018-07-07 | 3 months
This page contains 1 frame:
Primary Page: https://pacoscontas.pt/.Secure/login/2018/cembra/fr.htm
Frame ID: B58C0FF806BE41F4446879EEC1EFCD73
Requests: 19 HTTP requests in this frame
Detected technologies
- Nginx (detected pattern: headers server /nginx(?:\/([\d.]+))?/i)
- jQuery (detected patterns: script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i, script /jquery.*\.js/i, env /^jQuery$/i)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.gslapshina.ru/img/ (Page URL)
- https://pacoscontas.pt/.Secure/login/2018/cembra/ (HTTP 302 redirect to) https://pacoscontas.pt/.Secure/login/2018/cembra/fr.htm (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / | www.gslapshina.ru/img/ | 96 B | 377 B | Document | text/html
GET | H/1.1 | fr.htm (Primary Request, Redirect Chain) | pacoscontas.pt/.Secure/login/2018/cembra/ | 15 KB | 16 KB | Document | text/html
GET | H/1.1 | reset.css | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 682 B | 923 B | Stylesheet | text/css
GET | H/1.1 | fonts.css | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 970 B | 1 KB | Stylesheet | text/css
GET | H/1.1 | 10col.css | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 11 KB | 11 KB | Stylesheet | text/css
GET | H/1.1 | cembra.css | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 787 B | 1 KB | Stylesheet | text/css
GET | H/1.1 | jquery-1.js | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 90 KB | 91 KB | Script | application/javascript
GET | H/1.1 | x-out.js | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 4 KB | 4 KB | Script | application/javascript
GET | H/1.1 | pwdbase.js | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 6 KB | 6 KB | Script | application/javascript
GET | H/1.1 | pwdcookies.js | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 3 KB | 3 KB | Script | application/javascript
GET | H/1.1 | optinlang.json | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 6 KB | 6 KB | Script | application/json
GET | H/1.1 | main.js | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 2 KB | 2 KB | Script | application/javascript
GET | H/1.1 | cembra.gif | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 2 KB | 2 KB | Image | image/gif
GET | H/1.1 | vpas_logo.gif | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 2 KB | 2 KB | Image | image/gif
GET | H/1.1 | submit_fr_FR.gif | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 862 B | 1 KB | Image | image/gif
GET | H/1.1 | 5col.css | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 988 B | 1 KB | Stylesheet | text/css
GET | H/1.1 | 3col.css | pacoscontas.pt/.Secure/login/2018/cembra/cembra_fichiers/ | 550 B | 791 B | Stylesheet | text/css
GET | H/1.1 | dotsfont.woff | pacoscontas.pt/.Secure/login/2018/cembra/fonts/ | 0 | 0 | Font | text/html
GET | H/1.1 | dotsfont.ttf | pacoscontas.pt/.Secure/login/2018/cembra/fonts/ | 0 | 0 | Font | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Mastercard (Financial)

48 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function: $, jQuery, gatherFormData, onUnloadHandler, OnClickHandler, onDocClick, onDocKeyDown, ChipCardInAuthList, ChipCardSelected, CanFallBack, AuthSelectExists, SecurityWindow, HelpWindow, IsNetscapeOnSolaris, OnCancelHandler, OnFPWDHandler, OnSubmitHandler, atleastOneNumber, atleastOneLetter, onlyNumbersAndLetters, SetSubmit, ResetSubmit, ClearPin, firstlastLetters, computeTopDomain, getTopDomain, isTopDomain, makeWindowName, getCookie, setCookie, setPermCookie, delCookie, removeCookie
- boolean: CAPTURE_XOUT, TRAP_RIGHT_CLICK, isNS, isIE, isNS4
- number: KEY_F5, KEY_LEFT, KEY_HOME, KEY_R, BTN_RIGHT
- string: formTags, de_DE, en_GB, fr_FR, it_IT

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
pacoscontas.pt
www.gslapshina.ru
80.78.250.67
94.126.169.121
0101252001119af66ec40e008880e11dc5955740d788866b358dbb86119b2fd1
0553e0bd860c04ebadaf0d43b90518ecf7239c9f906fdad3822e3ae06435522c
0d4d0cd0177546b44e2d01f8ff170c4d09de74fddb5d2befb4b25d79f6b6e0df
230b66eea8895ccdad69e9dbf54ccd0dcceeeff184c97fc4567578365669b4ef
234b10436583eba5eea60ba8a6b793119f79426d3b0eca3a99b29235f475e856
52517cebdcd3e66beabc4f340915d29f31a3758381ecee7a4dee78233be7eeb8
598793172aaa06d20786674c396f0738273b4551c7cb5412b798472ee6c1d50a
7134a08c16a0a97de4db6c67f77a1fe4c88c058e67f1bf91f93fdeb712152707
899b9d47dec533404dd79531b44209f8f803f60d17765c8491c54fd09f4d3039
a1ada339b047646f1e41dd436710343f546fd939795405c5fa5ee7b0ed51ccfc
c48383194660be352145243eecf8a0e1ee51268484ec2916c615d8fcc573fbca
cae369b10535769418cf15b0e5c1617f30c796b41341fd6eb9904a682eb662a4
df5badf88b76d17405c8399debb83e9b0e2f35cc1fe405cbe0d9f2298a805121
e680601716899098771704af83007b36e65edb05ee508ac3b44efa88faf94a1e
e7bfa7cdc3c25d1b1e987ef27c254de94e17d17e28b07564d57a393ea4b4775c
f4bab64c64ec65393c4b8a49a7bf29c77535aeb1e64527ef185d32c650dd9571