www.safracombr.online Open in urlscan Pro
66.70.173.75 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
Submission: On October 08 via manual (October 8th 2019, 2:48:01 pm UTC) from BR

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 5 domains to perform 22 HTTP transactions. The main IP is 66.70.173.75, located in Montreal, Canada and belongs to OVH, FR. The main domain is www.safracombr.online.

This is the only time www.safracombr.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Safra Limited (Banking)

Domain & IP information

	IP Address	AS Autonomous System
4	66.70.173.75 66.70.173.75	16276 (OVH) (OVH)
8	23.8.8.196 23.8.8.196	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	13.32.99.39 13.32.99.39	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:814::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700::68... 2606:4700::6813:c597	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	35.167.196.234 35.167.196.234	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
22	7

4 66.70.173.75 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ip75.ip-66-70-173.net

www.safracombr.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.8.8.196 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-8-8-196.deploy.static.akamaitechnologies.com

www9.safraempresas.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.99.39 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-99-39.prg50.r.cloudfront.net

static.site24x7rum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:c597 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.167.196.234 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-167-196-234.us-west-2.compute.amazonaws.com

col.site24x7rum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	safraempresas.com.br www9.safraempresas.com.br	701 KB
4	safracombr.online www.safracombr.online	47 KB
3	site24x7rum.com 1 redirects static.site24x7rum.com col.site24x7rum.com	46 KB
1	cloudflare.com cdnjs.cloudflare.com	5 KB
1	googleapis.com ajax.googleapis.com	29 KB
22	5

	Domain	Requested by
8	www9.safraempresas.com.br	www.safracombr.online
4	www.safracombr.online	www.safracombr.online
2	static.site24x7rum.com	1 redirects www.safracombr.online
1	col.site24x7rum.com	static.site24x7rum.com
1	cdnjs.cloudflare.com	www.safracombr.online
1	ajax.googleapis.com	www.safracombr.online
22	6

This site contains no links.

Subject Issuer	Validity	Valid
www.safra.com.br DigiCert SHA2 Secure Server CA	`2019-09-06` - `2020-07-21`	10 months	crt.sh
*.site24x7rum.com Amazon	`2018-11-22` - `2019-12-22`	a year	crt.sh
*.googleapis.com GTS CA 1O1	`2019-09-17` - `2019-12-10`	3 months	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-10` - `2020-02-16`	6 months	crt.sh

This page contains 1 frames:

Primary Page: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
Frame ID: 1CE71BAE9595292D20B5AE3976BDF470
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /angular.*\.js/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Highlight.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

script /\/(?:([\d.])+\/)?highlight(?:\.min)?\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

22
Requests

50 %
HTTPS

33 %
IPv6

5
Domains

6
Subdomains

7
IPs

4
Countries

828 kB
Transfer

2907 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

http://static.site24x7rum.com/beacon/site24x7rum-min.js?appKey=7baf1dda3d517ce723be674543e80521 HTTP 301
https://static.site24x7rum.com/beacon/site24x7rum-min.js?appKey=7baf1dda3d517ce723be674543e80521

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request confirmaju.php Show response
www.safracombr.online/Safra/desktop/empresas/ 13 KB
4 KB 331ms
93ms Document
text/html 66.70.173.75
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
Protocol: HTTP/1.1
Server: 66.70.173.75 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip75.ip-66-70-173.net
Software: Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.29
Resource Hash: ef3a072f10fe81fe9c3a9f12af29f71cdba2aaba72d6fb22702215df180ee409

Request headers

Host: www.safracombr.online
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 08 Oct 2019 14:50:25 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3617
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1 200
OK arq-spa-desktop.js Show response
www9.safraempresas.com.br/app/assets/js/ 45 KB
8 KB 1312ms
1261ms Script
application/javascript 23.8.8.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www9.safraempresas.com.br/app/assets/js/arq-spa-desktop.js

Requested by

Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.8.8.196 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-8-8-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

7b83be7ea64dbb0abd920340f927dae4c18af0a403abb8d8b53e578152ed91f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 07 Oct 2019 23:16:15 GMT
ETag: "b219-5945a3d010dc0"
X-Frame-Options: DENY
Content-Type: application/javascript
Cache-Control: max-age=0, public, private
Date: Tue, 08 Oct 2019 14:47:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7620

GET
H/1.1 200
OK arq-spa-internet.js Show response
www9.safraempresas.com.br/app/assets/js/ 17 KB
4 KB 1134ms
1083ms Script
application/javascript 23.8.8.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www9.safraempresas.com.br/app/assets/js/arq-spa-internet.js

Requested by

Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.8.8.196 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-8-8-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

82973342a30e55bd6d5f7dc1b8666acaedc06c8a88e06ec31c15b802b2296515

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 07 Oct 2019 23:16:15 GMT
ETag: "43a4-5945a3d010dc0"
X-Frame-Options: DENY
Content-Type: application/javascript
Cache-Control: max-age=0, public, private
Date: Tue, 08 Oct 2019 14:47:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3461

GET
H/1.1 200
OK apl-internet-pj.comumLite.js Show response
www9.safraempresas.com.br/app/assets/js/ 45 KB
16 KB 1485ms
1434ms Script
application/javascript 23.8.8.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www9.safraempresas.com.br/app/assets/js/apl-internet-pj.comumLite.js

Requested by

Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.8.8.196 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-8-8-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

7e84c390311cb52a18c4d5d4f0cfc0aadee3faf641f2858197c2f31f3c54f46c

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 07 Oct 2019 23:16:39 GMT
ETag: "b40b-5945a3e6f43c0"
X-Frame-Options: DENY
Content-Type: application/javascript
Cache-Control: max-age=0, public, private
Date: Tue, 08 Oct 2019 14:47:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15373

GET
H/1.1 404
Not Found apl-internet-pj.areaAberta.js
www.safracombr.online/Safra/desktop/empresas/app/assets/js/ 0
0 92ms
91ms Script
text/html 66.70.173.75
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.safracombr.online/Safra/desktop/empresas/app/assets/js/apl-internet-pj.areaAberta.js
Requested by: Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
Protocol: HTTP/1.1
Server: 66.70.173.75 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip75.ip-66-70-173.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash

Request headers

Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 08 Oct 2019 14:50:25 GMT
Server: Apache/2.4.7 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 350
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

site24x7rum-min.js Show response
static.site24x7rum.com/beacon/
Redirect Chain

http://static.site24x7rum.com/beacon/site24x7rum-min.js?appKey=7baf1dda3d517ce723be674543e80521
https://static.site24x7rum.com/beacon/site24x7rum-min.js?appKey=7baf1dda3d517ce723be674543e80521

45 KB
45 KB

54ms
31ms

Script
application/javascript

13.32.99.39
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.site24x7rum.com/beacon/site24x7rum-min.js?appKey=7baf1dda3d517ce723be674543e80521
Requested by: Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.99.39 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-99-39.prg50.r.cloudfront.net
Software: ZGS /
Resource Hash: 533dfbbcf9c59187a1bd66adcf61dad7c677adb42add4076255509b081a0d532

Request headers

Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 08 Oct 2019 11:55:34 GMT
Via: 1.1 888a645d6faf32b94378fe35571da41a.cloudfront.net (CloudFront)
Server: ZGS
X-Amz-Cf-Pop: PRG50
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript;charset=ISO-8859-1
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Id: TWEEWtCQnsmqViVNm5G1ktossNYqc3P32myPREvZs6XxrmfoEl8hPQ==

Redirect headers

Date: Tue, 08 Oct 2019 14:47:43 GMT
Via: 1.1 5d9abbb287f32993eb3100a884834ce3.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: PRG50
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://static.site24x7rum.com/beacon/site24x7rum-min.js?appKey=7baf1dda3d517ce723be674543e80521
Connection: keep-alive
Content-Length: 183
X-Amz-Cf-Id: BRTRP_qKvLyPgDD6bjYbAaFIzV-vHJziBq_8SCdCcL_dHltecQmGUg==

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
29 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:814::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 08 Oct 2019 02:26:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44479
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Oct 2020 02:26:23 GMT

GET
H2 200 jquery.mask.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.0/ 19 KB
5 KB 17ms
17ms Script
application/javascript 2606:4700::6813:c597
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.0/jquery.mask.js

Requested by

Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c09329c4b8061b598febdf389cff6e16afc18e8674b0f583a70b4fe924a6d2fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 08 Oct 2019 14:47:42 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 15178819
status: 200
served-in-seconds: 0.001
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:20:59 GMT
server: cloudflare
etag: W/"5afd497b-4b19"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5228e95dabaacbbc-VIE
expires: Sun, 27 Sep 2020 14:47:42 GMT

GET
H/1.1 200
OK arq-spa-dependencias.js Show response
www9.safraempresas.com.br/app/assets/js/ 1 MB
401 KB 1624ms
1573ms Script
application/javascript 23.8.8.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www9.safraempresas.com.br/app/assets/js/arq-spa-dependencias.js

Requested by

Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.8.8.196 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-8-8-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8862fc47da19c4fcaff51323ed65b0c4d0a8a747fad9581391bcf43103c665d

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 07 Oct 2019 23:16:14 GMT
ETag: "174136-5945a3cf1cb80"
X-Frame-Options: DENY
Content-Type: application/javascript
Cache-Control: max-age=0, public, private
Date: Tue, 08 Oct 2019 14:47:44 GMT
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes
Transfer-Encoding: chunked

GET
H/1.1 200
OK dependencias.js Show response
www9.safraempresas.com.br/app/assets/js/ 621 KB
183 KB 1654ms
1604ms Script
application/javascript 23.8.8.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www9.safraempresas.com.br/app/assets/js/dependencias.js

Requested by

Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.8.8.196 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-8-8-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

ee9c9cb2f302df82e71693a7d89f1149985f1b76359bec5501961d06f07de028

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 07 Oct 2019 23:16:18 GMT
ETag: "9b557-5945a3d2ed480"
X-Frame-Options: DENY
Content-Type: application/javascript
Cache-Control: max-age=0, public, private
Date: Tue, 08 Oct 2019 14:47:44 GMT
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes
Transfer-Encoding: chunked

GET
H/1.1 200
OK arq-spa-base.js Show response
www9.safraempresas.com.br/app/assets/js/ 118 KB
27 KB 1579ms
1516ms Script
application/javascript 23.8.8.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www9.safraempresas.com.br/app/assets/js/arq-spa-base.js

Requested by

Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.8.8.196 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-8-8-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

602e45bea67e2353f9377d277541308b0122bb4890b1e4fefb0efa9512437101

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 07 Oct 2019 23:16:12 GMT
ETag: "1d97d-5945a3cd34700"
X-Frame-Options: DENY
Content-Type: application/javascript
Cache-Control: max-age=0, public, private
Date: Tue, 08 Oct 2019 14:47:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27601

GET
H/1.1 200
OK bootstrap.css
www9.safraempresas.com.br/app/assets/css/ 112 KB
19 KB 61ms
11ms Stylesheet
text/css 23.8.8.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www9.safraempresas.com.br/app/assets/css/bootstrap.css

Requested by

Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.8.8.196 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-8-8-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

019f2f1ddbbba88136b75bfdd8b3505a5344362ed3a80e26f03bcec3763451e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 23:16:12 GMT
X-Frame-Options: DENY
ETag: "1c0b6-5945a3cd34700"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, private, max-age=0
Date: Tue, 08 Oct 2019 14:47:43 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19088
Expires: Tue, 08 Oct 2019 14:47:43 GMT

GET
H/1.1 200
OK apl.css
www.safracombr.online/Safra/desktop/empresas/ 258 KB
44 KB 199ms
109ms Stylesheet
text/css 66.70.173.75
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.safracombr.online/Safra/desktop/empresas/apl.css
Requested by: Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
Protocol: HTTP/1.1
Server: 66.70.173.75 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip75.ip-66-70-173.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 2c9239ee9e9e13edcc7066fb23948c0f84949361f1c43f5af348f09ada42eeec

Request headers

Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 08 Oct 2019 14:50:26 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 17:08:19 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "406da-593f083f726c0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 44306

GET
H/1.1 404
Not Found apl-internet-pj.areaAberta.js
www.safracombr.online/Safra/desktop/empresas/app/assets/js/ 0
0 91ms
90ms Script
text/html 66.70.173.75
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.safracombr.online/Safra/desktop/empresas/app/assets/js/apl-internet-pj.areaAberta.js
Requested by: Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
Protocol: HTTP/1.1
Server: 66.70.173.75 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip75.ip-66-70-173.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash

Request headers

Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 08 Oct 2019 14:50:27 GMT
Server: Apache/2.4.7 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 350
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK bg-navegador.jpg
www9.safraempresas.com.br/app/assets/img/ 43 KB
44 KB 10ms
10ms Image
image/jpeg 23.8.8.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www9.safraempresas.com.br/app/assets/img/bg-navegador.jpg

Requested by

Host: www.safracombr.online
URL: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.8.8.196 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-8-8-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

72f7ec8be81589e674e4ccbe1d91d72632b9163196bcc7810f213093707c4858

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.safracombr.online/Safra/desktop/empresas/apl.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Last-Modified: Mon, 07 Oct 2019 23:16:22 GMT
ETag: "acf5-5945a3d6bdd80"
X-Frame-Options: DENY
Content-Type: image/jpeg
Cache-Control: public, max-age=0
Date: Tue, 08 Oct 2019 14:47:45 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 44277
Expires: Tue, 08 Oct 2019 14:47:45 GMT

GET open-sans.woff
www9.safraempresas.com.br/app/assets/fonts/open-sans/ 0
0

GET open-sans-bold.woff
www9.safraempresas.com.br/app/assets/fonts/open-sans/ 0
0

GET open-sans-semibold.woff
www9.safraempresas.com.br/app/assets/fonts/open-sans/ 0
0

GET open-sans.ttf
www9.safraempresas.com.br/app/assets/fonts/open-sans/ 0
0

GET open-sans-bold.ttf
www9.safraempresas.com.br/app/assets/fonts/open-sans/ 0
0

GET open-sans-semibold.ttf
www9.safraempresas.com.br/app/assets/fonts/open-sans/ 0
0

POST
H/1.1 200
OK data Show response
col.site24x7rum.com/rum/ 77 B
511 B 457ms
277ms XHR
application/json 35.167.196.234
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

http://col.site24x7rum.com/rum/data

Requested by

Host: static.site24x7rum.com
URL: https://static.site24x7rum.com/beacon/site24x7rum-min.js?appKey=7baf1dda3d517ce723be674543e80521

Protocol

HTTP/1.1

Server

35.167.196.234 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-167-196-234.us-west-2.compute.amazonaws.com

Software

ZGS /

Resource Hash

d37619a2f2ec0061a601222e2bbbfc2a3310b3aa25e04386fc7bf9c9f87cbb7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: http://www.safracombr.online/Safra/desktop/empresas/confirmaju.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 08 Oct 2019 14:47:48 GMT
X-Content-Type-Options: nosniff
Server: ZGS
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST
Content-Type: application/json;charset=ISO-8859-1
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: Origin
Content-Length: 77
X-XSS-Protection: 1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www9.safraempresas.com.br
URL: https://www9.safraempresas.com.br/app/assets/fonts/open-sans/open-sans.woff

Domain: www9.safraempresas.com.br
URL: https://www9.safraempresas.com.br/app/assets/fonts/open-sans/open-sans-bold.woff

Domain: www9.safraempresas.com.br
URL: https://www9.safraempresas.com.br/app/assets/fonts/open-sans/open-sans-semibold.woff

Domain: www9.safraempresas.com.br
URL: https://www9.safraempresas.com.br/app/assets/fonts/open-sans/open-sans.ttf

Domain: www9.safraempresas.com.br
URL: https://www9.safraempresas.com.br/app/assets/fonts/open-sans/open-sans-bold.ttf

Domain: www9.safraempresas.com.br
URL: https://www9.safraempresas.com.br/app/assets/fonts/open-sans/open-sans-semibold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Safra Limited (Banking)

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
col.site24x7rum.com
static.site24x7rum.com
www.safracombr.online
www9.safraempresas.com.br
www9.safraempresas.com.br
13.32.99.39
23.8.8.196
2606:4700::6813:c597
2a00:1450:4001:814::200a
35.167.196.234
66.70.173.75
019f2f1ddbbba88136b75bfdd8b3505a5344362ed3a80e26f03bcec3763451e0
2c9239ee9e9e13edcc7066fb23948c0f84949361f1c43f5af348f09ada42eeec
533dfbbcf9c59187a1bd66adcf61dad7c677adb42add4076255509b081a0d532
602e45bea67e2353f9377d277541308b0122bb4890b1e4fefb0efa9512437101
72f7ec8be81589e674e4ccbe1d91d72632b9163196bcc7810f213093707c4858
7b83be7ea64dbb0abd920340f927dae4c18af0a403abb8d8b53e578152ed91f4
7e84c390311cb52a18c4d5d4f0cfc0aadee3faf641f2858197c2f31f3c54f46c
82973342a30e55bd6d5f7dc1b8666acaedc06c8a88e06ec31c15b802b2296515
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
c09329c4b8061b598febdf389cff6e16afc18e8674b0f583a70b4fe924a6d2fd
c8862fc47da19c4fcaff51323ed65b0c4d0a8a747fad9581391bcf43103c665d
d37619a2f2ec0061a601222e2bbbfc2a3310b3aa25e04386fc7bf9c9f87cbb7a
ee9c9cb2f302df82e71693a7d89f1149985f1b76359bec5501961d06f07de028
ef3a072f10fe81fe9c3a9f12af29f71cdba2aaba72d6fb22702215df180ee409

www.safracombr.online Open in urlscan Pro 66.70.173.75 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

22 Requests

50 %HTTPS

33 %IPv6

5 Domains

6 Subdomains

7 IPs

4 Countries

828 kBTransfer

2907 kBSize

0 Cookies

0 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

52 JavaScript Global Variables

0 Cookies

Indicators

www.safracombr.online Open in urlscan Pro
66.70.173.75 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

50 %
HTTPS

33 %
IPv6

5
Domains

6
Subdomains

7
IPs

4
Countries

828 kB
Transfer

2907 kB
Size

0
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!