![](/screenshots/f6214164-1f66-4c5a-8b06-855a66a6b969.png)
www.assistenciacef3943.info
Open in
urlscan Pro
68.178.246.104
Malicious Activity!
Public Scan
Effective URL: http://www.assistenciacef3943.info/Acesso-3004/91.199.118.79/91.199.118.79-ijGMnhYluN02Sq0I47Ns4swFdDAy.php?Sicronizar
Submission: On December 15 via manual from BR — Scanned from DE
Summary
This is the only time www.assistenciacef3943.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Caixa (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 206.72.205.7 206.72.205.7 | 19318 (IS-AS-1) (IS-AS-1) | |
1 | 205.144.171.109 205.144.171.109 | 7296 (ALCHEMYNET) (ALCHEMYNET) | |
2 18 | 68.178.246.104 68.178.246.104 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:827::200a | 15169 (GOOGLE) (GOOGLE) | |
18 | 3 |
ASN7296 (ALCHEMYNET, US)
PTR: 205-144-171-109.alchemy.net
chave03252pix033-001-site1.itempurl.com |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-68-178-246-104.ip.secureserver.net
www.assistenciacef3943.info |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
assistenciacef3943.info
2 redirects
www.assistenciacef3943.info |
253 KB |
1 |
googleapis.com
fonts.googleapis.com |
1 KB |
1 |
itempurl.com
chave03252pix033-001-site1.itempurl.com |
677 B |
1 |
google-url.com
1 redirects
google-url.com |
494 B |
18 | 4 |
Domain | Requested by | |
---|---|---|
18 | www.assistenciacef3943.info |
2 redirects
www.assistenciacef3943.info
|
1 | fonts.googleapis.com |
www.assistenciacef3943.info
|
1 | chave03252pix033-001-site1.itempurl.com | |
1 | google-url.com | 1 redirects |
18 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
upload.video.google.com GTS CA 1C3 |
2021-11-29 - 2022-02-21 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
http://www.assistenciacef3943.info/Acesso-3004/91.199.118.79/91.199.118.79-ijGMnhYluN02Sq0I47Ns4swFdDAy.php?Sicronizar
Frame ID: FC45EC872BB7F6174D05B94D1E0AD4FB
Requests: 2 HTTP requests in this frame
Frame:
http://www.assistenciacef3943.info/Acesso-3004/login/
Frame ID: 5346211C28EF264E8EA539CFACD62005
Requests: 6 HTTP requests in this frame
Frame:
http://www.assistenciacef3943.info/Acesso-3004/login/home.php
Frame ID: 8828BD1690F35466211C2E6AD4BD677C
Requests: 10 HTTP requests in this frame
Screenshot
![](/screenshots/f6214164-1f66-4c5a-8b06-855a66a6b969.png)
Page Title
🔒 Seja Bem-vindo ao Novo PortalPage URL History Show full URLs
-
https://google-url.com/G8tee?-saber-virtual/solucoes-de-acesso-e-navegacao/
HTTP 301
http://chave03252pix033-001-site1.itempurl.com/M40950/Passwo309004.html?-saber-virtual%2Fsolucoes-de-acesso-e-navegacao%2F= Page URL
-
http://www.assistenciacef3943.info/Acesso-3004/
HTTP 302
http://www.assistenciacef3943.info/Acesso-3004/91.199.118.79/91.199.118.79-ijGMnhYluN02Sq0I47Ns4swFdDAy.php?Sic... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://google-url.com/G8tee?-saber-virtual/solucoes-de-acesso-e-navegacao/
HTTP 301
http://chave03252pix033-001-site1.itempurl.com/M40950/Passwo309004.html?-saber-virtual%2Fsolucoes-de-acesso-e-navegacao%2F= Page URL
-
http://www.assistenciacef3943.info/Acesso-3004/
HTTP 302
http://www.assistenciacef3943.info/Acesso-3004/91.199.118.79/91.199.118.79-ijGMnhYluN02Sq0I47Ns4swFdDAy.php?Sicronizar Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://google-url.com/G8tee?-saber-virtual/solucoes-de-acesso-e-navegacao/ HTTP 301
- http://chave03252pix033-001-site1.itempurl.com/M40950/Passwo309004.html?-saber-virtual%2Fsolucoes-de-acesso-e-navegacao%2F=
- http://www.assistenciacef3943.info/Acesso-3004/login HTTP 301
- http://www.assistenciacef3943.info/Acesso-3004/login/
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Passwo309004.html
chave03252pix033-001-site1.itempurl.com/M40950/ Redirect Chain
|
317 B 677 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
91.199.118.79-ijGMnhYluN02Sq0I47Ns4swFdDAy.php
www.assistenciacef3943.info/Acesso-3004/91.199.118.79/ Redirect Chain
|
519 B 609 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
www.assistenciacef3943.info/Acesso-3004/login/ Frame 5346 Redirect Chain
|
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min2.css
www.assistenciacef3943.info/Acesso-3004/login/css/ Frame 5346 |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap-theme.min2.css
www.assistenciacef3943.info/Acesso-3004/login/css/ Frame 5346 |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ Frame 5346 |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min2.js
www.assistenciacef3943.info/Acesso-3004/login/js/ Frame 5346 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cadeado.png
www.assistenciacef3943.info/Acesso-3004/login/ Frame 5346 |
30 KB 30 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home.php
www.assistenciacef3943.info/Acesso-3004/login/ Frame 8828 |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
reset.css
www.assistenciacef3943.info/Acesso-3004/login/ Frame 8828 |
1 KB 872 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
inicio.css
www.assistenciacef3943.info/Acesso-3004/login/ Frame 8828 |
1 KB 776 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
angular-material.min.css
www.assistenciacef3943.info/Acesso-3004/login/arq/ Frame 8828 |
393 KB 39 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bulma.min.css
www.assistenciacef3943.info/Acesso-3004/login/arq/ Frame 8828 |
227 KB 27 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mobile-fisica.css
www.assistenciacef3943.info/Acesso-3004/login/arq/ Frame 8828 |
8 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.2.1.min.js
www.assistenciacef3943.info/Acesso-3004/login/js/ Frame 8828 |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
top2.png
www.assistenciacef3943.info/Acesso-3004/login/images/ Frame 8828 |
36 KB 36 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
script.js
www.assistenciacef3943.info/Acesso-3004/login/ Frame 8828 |
1 KB 723 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sprites.png
www.assistenciacef3943.info/Acesso-3004/login/images/ Frame 8828 |
80 KB 80 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Caixa (Government)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
google-url.com/ | Name: PHPSESSID Value: a4190fca5eb90a8146061b7b5356facf |
|
google-url.com/ | Name: short_G8tee Value: 1 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
chave03252pix033-001-site1.itempurl.com
fonts.googleapis.com
google-url.com
www.assistenciacef3943.info
205.144.171.109
206.72.205.7
2a00:1450:4001:827::200a
68.178.246.104
4969118a392bbd7190382dabf6178a3aabd819f0c1e1cbea9d763b18305ad9ae
5796d813bf19d982091467e304bb968313dbd997df9e506dcf93f58e234ae41c
5cef66deb65448f5a56a94a5afd8218488d52a031faba3e87d311faef37d4b1b
63eaf9edc74a3164913cb6a6d08b7c41c6952b3a5cd34849ee888204d9550363
643db4cacc67e642ddad8abbc5fea5b65e0699799c9465cd3faef2a146a88fbe
72d83f56e8b0c993783c1727686b6399128279210c1f4caf486ae6316e079f49
7f8aac76b9e502b2c807e4d00c8c617889b7feb99b9ad99f72a9ab15eb996d10
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
a58fa15fce0a32b110aa0f328dbe2b80efef8fbbd5ae1890a0b8d99dddcebade
b07f3473f3a889798a93b7b02c3b9399d4814e82765b988aa54edb93f4d5f2c5
b23e3670abf1dde79cffe3a61e9a8570a3c5172f6c0704578b6b69ae99a0a81d
c3d27712f74945591fe0baab57764985659392668bd0463b2d50ba6bee5468d7
cdb0f9f7048a0f7d03f38e52734cfbbbe4bcccaef7e6fd094df212dedcaf7e3c
d43ad5c9f1b4c6456f68c3de18a43c226255b21eeb4814c880eb09cb1a6fa3c0
e5a8e4013d1a033e96e74d172609b88347e424904d7bd3db49791a7cb7d2b491