dulliusimoveis.com.br Open in urlscan Pro
2606:4700:3031::6815:15f0 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://grabify.link/mpi9gd
Effective URL:
https://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php
Submission: On November 30 via api (November 30th 2023, 8:50:21 am UTC) from US — Scanned from US

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3031::6815:15f0, located in United States and belongs to CLOUDFLARENET, US. The main domain is dulliusimoveis.com.br.
TLS certificate: Issued by E1 on October 11th 2023. Valid for: 3 months.

This is the only time dulliusimoveis.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
6	104.26.9.202 104.26.9.202	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3033::ac43:c96d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 5	2606:4700:303... 2606:4700:3031::6815:15f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:80a::200a	15169 (GOOGLE) (GOOGLE)
1	104.243.38.202 104.243.38.202	23470 (RELIABLESITE) (RELIABLESITE)
1	2607:f8b0:400... 2607:f8b0:4006:80c::2003	15169 (GOOGLE) (GOOGLE)
15	7

6 104.26.9.202 (None, )

ASN13335 (CLOUDFLARENET, US)

grabify.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::ac43:c96d (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dulliusimoveis.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3031::6815:15f0 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dulliusimoveis.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80a::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.243.38.202 (Piscataway, United States)

ASN23470 (RELIABLESITE, US)

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80c::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	dulliusimoveis.com.br 2 redirects dulliusimoveis.com.br	8 KB
6	grabify.link grabify.link — Cisco Umbrella Rank: 689573	57 KB
1	gstatic.com fonts.gstatic.com	16 KB
1	ibb.co i.ibb.co — Cisco Umbrella Rank: 12045	53 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	1 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 864	7 KB
15	6

	Domain	Requested by
6	dulliusimoveis.com.br	2 redirects grabify.link dulliusimoveis.com.br
6	grabify.link	grabify.link static.cloudflareinsights.com
1	fonts.gstatic.com	fonts.googleapis.com
1	i.ibb.co	dulliusimoveis.com.br
1	fonts.googleapis.com	dulliusimoveis.com.br
1	static.cloudflareinsights.com	grabify.link
15	6

This site contains no links.

Subject Issuer	Validity	Valid
grabify.link GTS CA 1P5	`2023-10-13` - `2024-01-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
dulliusimoveis.com.br E1	`2023-10-11` - `2024-01-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
ibb.co R3	`2023-10-09` - `2024-01-07`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php
Frame ID: 9C3FA56BC8E79B3ABEB9CA149C71FC5B
Requests: 13 HTTP requests in this frame

Frame: https://dulliusimoveis.com.br/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
Frame ID: 38FED6D782249325A1278F4B05D641CC
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Facebook - Log in or signup

Page URL History Show full URLs

https://grabify.link/mpi9gd Page URL
http://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php HTTP 301
https://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

87 %
HTTPS

71 %
IPv6

6
Domains

6
Subdomains

7
IPs

2
Countries

141 kB
Transfer

289 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://grabify.link/mpi9gd Page URL
http://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php HTTP 301
https://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://dulliusimoveis.com.br/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://dulliusimoveis.com.br/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 mpi9gd Show response
grabify.link/ 4 KB
3 KB 1347ms
1264ms Document
text/html 104.26.9.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grabify.link/mpi9gd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.202 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f47c1e9eefcbe2eba9564ef54d754ad84c050f993333c9264545d6b760f127a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 82e1d77a1c2574a2-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 30 Nov 2023 08:50:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jkjglu7ZmFEQvsJV3oCJKagQeRLjZ3lDfmp4iLbZsUkUVOW14vdU1seDWtEoT0Icze0CgRSEopo8%2B4Y7bpgkuxmE7PctYr0plwFWOiwCpe%2BkHYje7f%2FPuZIaxzgmHw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-ratelimit-limit: 15
x-ratelimit-remaining: 13

GET
H2 200 ads.js Show response
grabify.link/js/ 19 B
415 B 53ms
50ms Script
application/javascript 104.26.9.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grabify.link/js/ads.js
Requested by: Host: grabify.link
URL: https://grabify.link/mpi9gd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.202 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a0f6cf6b4648c192d81b5fc7b70cb2f6819ef4a799e421e8626cae9697aa85a

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 08:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6563
cf-polished: origSize=21
alt-svc: h3=":443"; ma=86400
content-length: 19
cf-bgj: minify
last-modified: Thu, 02 Mar 2023 08:48:42 GMT
server: cloudflare
etag: "15-5f5e6e55d59b7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xakfUPdRT4imZ8UfzhD3lNELVnNQ3GXZi7PzODrnfPg9dTtN9YcSp1JAF8iJtd5QEWb6gq8Zlzg%2BXnnuOlkrMCWcxOutjRGydHBNjdQlAOlIDu8Yx5VrHcSwYVX%2B8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
accept-ranges: bytes
cf-ray: 82e1d782195974a2-MIA

GET
H2 200 jquery-2.5.1.min.js Show response
grabify.link/js/ 167 KB
50 KB 277ms
275ms Script
application/javascript 104.26.9.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grabify.link/js/jquery-2.5.1.min.js?id=c2f7e138841b9f9ee8f7bf31813dbf09
Requested by: Host: grabify.link
URL: https://grabify.link/mpi9gd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.202 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e86246b3842e02a20fa3a3b71095fd9bb733cf36b71710047b9ee96fdce8435

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 08:50:16 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 09 Aug 2023 03:01:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"29d1a-60274b261db9a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qkccftTd%2FJyFkxJEEA2Efq1UphOhNeH4s998%2Bwu4Wy2wDxczBC9CYYc9ZgvaRNxjcYWzBkAf6pAiB28jrmFekZi9nUa7HZ7%2Bx3PFRyytk8Z3u3VDMIFOhWBJzjXIYg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 82e1d782195b74a2-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 149ms
61ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: grabify.link
URL: https://grabify.link/mpi9gd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer
Origin: https://grabify.link
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 08:50:16 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 82e1d782bdbc6da1-MIA

GET
H3 200 jquery-2.5.2.min.js Show response
grabify.link/js/ 6 KB
3 KB 705ms
705ms Script
application/javascript 104.26.9.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grabify.link/js/jquery-2.5.2.min.js
Requested by: Host: grabify.link
URL: https://grabify.link/js/jquery-2.5.1.min.js?id=c2f7e138841b9f9ee8f7bf31813dbf09
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.9.202 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02cdd90c9c266e18d6b72610e6b438a3aaf3ca4cc707122de93807e7d01e5954

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 08:50:17 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 09 Aug 2023 03:01:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"186d-60274b26ce7be-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BlWzc8kKhtfqfE67cgrUQhu1BkyuzHIUFU0tFSWSLN6bItDIfjL%2BI0Rs%2B4hQWTNGEjGgUa%2BvCkIN%2B5dZB1x53ncPVDf7TvPXZ%2FbgPqVYyDe4mtNpBdvMA78UlBT98A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 82e1d7869a86288e-MIA
alt-svc: h3=":443"; ma=86400

POST
H3 204 rum Show response
grabify.link/cdn-cgi/ 0
139 B 38ms
38ms XHR
text/plain 104.26.9.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://grabify.link/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.9.202 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
content-type: application/json

Response headers

date: Thu, 30 Nov 2023 08:50:17 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://grabify.link
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 82e1d78c7eb6288e-MIA

POST
H3 200 js
grabify.link/api/ 16 B
1 KB 303ms
298ms XHR
application/json 104.26.9.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grabify.link/api/js
Requested by: Host: grabify.link
URL: https://grabify.link/js/jquery-2.5.1.min.js?id=c2f7e138841b9f9ee8f7bf31813dbf09
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.9.202 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
X-CSRF-TOKEN: uy4ciacQwA1uxF7SMkR4tJYgWu4A4KjzzdNE88L8
accept-language: en-US,en;q=0.9
User-Agents: dXk0Y2lhY1F3QTF1eEY3U01rUjR0SllnV3U0QTRLanp6ZE5FODhMOA==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 30 Nov 2023 08:50:17 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-ratelimit-remaining: 7
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKMMmkjSln9gOd1qIlTvryp9xFiaEAXnjGd5SVdNg36qQrlGYOlZ9f3ClblcfUKxvhv3GJnqT9DAU9mmJXnb6AlTiLnsCVnquJmwnjaiSTlO6uMzVVkFpr9a4jvu8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-ratelimit-limit: 10
cf-ray: 82e1d78caed7288e-MIA
alt-svc: h3=":443"; ma=86400

GET
H2

200

Primary Request f28u0hg5.php Show response
dulliusimoveis.com.br/links/FC-V1/
Redirect Chain

http://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php
https://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php

3 KB
2 KB

572ms
235ms

Document
text/html

2606:4700:3031::6815:15f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php
Requested by: Host: grabify.link
URL: https://grabify.link/js/jquery-2.5.1.min.js?id=c2f7e138841b9f9ee8f7bf31813dbf09
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:15f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb3b298a18fafe512e6c930557ea1f4168f61e4df894d6df8daea9b83032ed2c

Request headers

Referer: https://grabify.link/mpi9gd
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82e1d7919e8e21f9-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 30 Nov 2023 08:50:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jBSaAmU0bGbfQp99po4L17rXfr87eSfsqIKNyvLlbFFE0Kgb60nPnFE8aHuaZCIk6hUg0qGWM%2BRnEGbSnC69GrMCIAOJMftgs8Y822cEIpm8DfZljwLUoSgGAXpY2cUTDwJgJKbqRBDIz5O6gpswDehCPYY%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

CF-RAY: 82e1d78f6e2a3711-MIA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Thu, 30 Nov 2023 08:50:18 GMT
Expires: Thu, 30 Nov 2023 09:50:18 GMT
Location: https://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4gyCc0TvI1O5%2F%2FQO%2FDU0%2FnHaRry4JGOYbUuFgJ%2BK%2B%2F%2FFVNiJz8cW%2FgaI17rESGmBGdbL%2F9ajKGn2%2FfVOKi8bgfumOgxw1tahsV8cjAnmiSHCxdJC7vY4ybGOqBaaS4Hsq3gfE5EjJBKfY9wrDXve259st9o%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

POST rum
grabify.link/cdn-cgi/ 0
0

GET
H2 200 fb_style.css
dulliusimoveis.com.br/links/FC-V1/css/ 3 KB
1 KB 54ms
37ms Stylesheet
text/css 2606:4700:3031::6815:15f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dulliusimoveis.com.br/links/FC-V1/css/fb_style.css
Requested by: Host: dulliusimoveis.com.br
URL: https://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:15f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04ffab711670231083a9808a85070488ad269d315654fee57cf79aeb3f48db36

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 08:50:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 30 Nov 2023 08:07:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2431
etag: W/"656842cf-da7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bw4Pyp3c%2B%2BRl3MP0VqM5Z7tWJ9xzXjIExUXBpFysLpZlLfwYeCFzU6xhQwkjYYDlrt9PWFynttW7BOSa0WPTMdv9sErGnjrrx2HcEDFB6geVxBPLUJwM%2FFNHgqtnkSYgaP8Vcuuu8dCKRGV7xpSy0lx%2BoBs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 82e1d7939f4921f9-MIA
alt-svc: h3=":443"; ma=86400
expires: Thu, 30 Nov 2023 20:09:47 GMT

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 229ms
78ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500

Requested by

Host: dulliusimoveis.com.br
URL: https://dulliusimoveis.com.br/links/FC-V1/css/fb_style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

21fa9748efb8c509c94597f75d1784b536bcc05c6df36b25523a51ec14a3c7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dulliusimoveis.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 30 Nov 2023 08:50:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 30 Nov 2023 08:40:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Nov 2023 08:50:19 GMT

GET
H2 200 header.png
i.ibb.co/yRc51C8/ 53 KB
53 KB 209ms
61ms Image
image/png 104.243.38.202
RELIABLESITE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/yRc51C8/header.png
Requested by: Host: dulliusimoveis.com.br
URL: https://dulliusimoveis.com.br/links/FC-V1/css/fb_style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.243.38.202 Piscataway, United States, ASN23470 (RELIABLESITE, US),
Reverse DNS
Software: nginx /
Resource Hash: 5c4d4dde7b53da22a5ad4c30dfa48c8c9a2e7f10491fabf1fdc3863e077cde01

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dulliusimoveis.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 08:50:19 GMT
last-modified: Fri, 01 Nov 2019 15:17:32 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 53765
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 205ms
65ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dulliusimoveis.com.br
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 07:56:27 GMT
x-content-type-options: nosniff
age: 521632
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 07:56:27 GMT

GET
H3

200

main.js Show response
dulliusimoveis.com.br/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/ Frame 38FE
Redirect Chain

https://dulliusimoveis.com.br/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://dulliusimoveis.com.br/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js

7 KB
4 KB

38ms
37ms

Script
application/javascript

2606:4700:3031::6815:15f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dulliusimoveis.com.br/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js

Requested by

Host: dulliusimoveis.com.br
URL: https://dulliusimoveis.com.br/links/FC-V1/f28u0hg5.php

Protocol

Server

2606:4700:3031::6815:15f0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d5906fbdfa4c177186856d55dab1f5a32b990c65439b8b7fdd54298e03aea6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 08:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SkSfjpc3HIt8S0crTaSJiNwvkpXhRbiOi%2FYRvIS2la3Kl%2FFBbriQLw7iEZtrOt6lwBhDYy48WpdHMK6RE4pIfMpHOs2YPBI%2FsZMCQppaJ%2BTeLy7%2B%2F2knzfmXR%2Bq%2Fk%2FaNfJjskZHa%2FHO0d9wwbtzAh5SAJRI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 82e1d795bc50334f-MIA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 30 Nov 2023 08:50:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4SDLeL0dsyBE330V%2B7uaG%2FyYkQhV%2Btkqeapy1sKZ2AxnGwQFpCF9G4fHXCG%2F%2BavK%2FCJv1tHlAV7QqCYLswShauLNDegll8xhWfVPcSDauPk24tBQqJLclewcWQUejSvfzVikaVkpu0QqiNyp8OOcUz923OM%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
cache-control: max-age=300, public
cf-ray: 82e1d7957c09334f-MIA
alt-svc: h3=":443"; ma=86400

POST
H3 200 82e1d7919e8e21f9 Show response
dulliusimoveis.com.br/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 38FE 0
569 B 49ms
46ms XHR
text/plain 2606:4700:3031::6815:15f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dulliusimoveis.com.br/cdn-cgi/challenge-platform/h/g/jsd/r/82e1d7919e8e21f9
Requested by: Host: dulliusimoveis.com.br
URL: https://dulliusimoveis.com.br/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:15f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 30 Nov 2023 08:50:19 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JhsYzLDJLmEL9jShyw5unj6DSPXWGOKyCYR0f6CevufarVYBtpCdMgnX0jsG%2FZGxRezaca7fp9r2HiqRIpX6ZFSHsxgN9wTzrGO8MXx2oxUj2jcKBBh7Ay%2FIZmHwQf1Gur%2F3l8BwtYoDPraCPDQfKDNgcJc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 82e1d7975d0b334f-MIA
alt-svc: h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: grabify.link
URL: https://grabify.link/cdn-cgi/rum?

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
grabify.link/	1970-01-20 16:35:52	Name: XSRF-TOKEN Value: eyJpdiI6IkF5Ym5kcFRvWGZtL3Y5ZUxhT2pRcFE9PSIsInZhbHVlIjoib05IWlRtblJ1MnVNd0JpcGhLR3hId00wRUgzL2pEV3ZrRVFZc3o3ZWRwUTc5WFZoNHBYODZDOENVTWFrZ210a0orUGpWaVRHbytGcXRXMU5ITEtHK2l0b3dxUWJUTGdaQldLUWU0TllnUWErcGFDaHB1NUVJcHZiRW1ibkxQdnciLCJtYWMiOiJiNmI5OTFiYWE4OWNjZWE5ZWM0MzkyMTJlMGE5NDVjODNlZTdkZmM2NTZiZjM5MjY4ODZiMTZiN2QyODYzYTZkIiwidGFnIjoiIn0%3D
grabify.link/	1970-01-20 16:35:52	Name: g_session Value: eyJpdiI6IjMyZCtkRWdLNTNIWnY2cndDZGYrdmc9PSIsInZhbHVlIjoiTFo2RjlpeVpVWE1kbGUrYW5xTm83Q2pKQ3NrekRjb2QzNGJkZVQrek9zQXV5dFlHK2JBb25OTUg2MDcrWFJiRndyYVpkOFQxS0wybmJNeGtmNzhnN1BkNHlPTGlkUUpkRzRXeEFaYk5yWEZqUGsybnpERjV5ZXVDc25jdWZzZUoiLCJtYWMiOiI3ZDA4ZWIwNzI2YTFlMTU4OThiODc2ZTM2NjcwODA3YWY4MGM1MDhlZTAyNDQ0OWZkZDJhMDE0Y2NkYmRjZDY2IiwidGFnIjoiIn0%3D
.dulliusimoveis.com.br/	1970-01-21 01:21:10	Name: cf_clearance Value: Zdm2kbt_KwPHU0gKzL4.FRIuPE6fxF0Dh9IBtaPSk8c-1701334219-0-1-9509cba2.23430404.2740d0e-0.2.1701334219

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dulliusimoveis.com.br
fonts.googleapis.com
fonts.gstatic.com
grabify.link
i.ibb.co
static.cloudflareinsights.com
grabify.link
104.243.38.202
104.26.9.202
2606:4700:3031::6815:15f0
2606:4700:3033::ac43:c96d
2606:4700::6810:3965
2607:f8b0:4006:80a::200a
2607:f8b0:4006:80c::2003
02cdd90c9c266e18d6b72610e6b438a3aaf3ca4cc707122de93807e7d01e5954
04ffab711670231083a9808a85070488ad269d315654fee57cf79aeb3f48db36
21fa9748efb8c509c94597f75d1784b536bcc05c6df36b25523a51ec14a3c7c4
2e86246b3842e02a20fa3a3b71095fd9bb733cf36b71710047b9ee96fdce8435
4d5906fbdfa4c177186856d55dab1f5a32b990c65439b8b7fdd54298e03aea6c
5c4d4dde7b53da22a5ad4c30dfa48c8c9a2e7f10491fabf1fdc3863e077cde01
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
6a0f6cf6b4648c192d81b5fc7b70cb2f6819ef4a799e421e8626cae9697aa85a
6f47c1e9eefcbe2eba9564ef54d754ad84c050f993333c9264545d6b760f127a
cb3b298a18fafe512e6c930557ea1f4168f61e4df894d6df8daea9b83032ed2c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

dulliusimoveis.com.br Open in urlscan Pro 2606:4700:3031::6815:15f0 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

87 %HTTPS

71 %IPv6

6 Domains

6 Subdomains

7 IPs

2 Countries

141 kBTransfer

289 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

3 Cookies

Indicators

dulliusimoveis.com.br Open in urlscan Pro
2606:4700:3031::6815:15f0 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

87 %
HTTPS

71 %
IPv6

6
Domains

6
Subdomains

7
IPs

2
Countries

141 kB
Transfer

289 kB
Size

3
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!