goiasbtglub.com.br Open in urlscan Pro
191.252.81.30 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://goiasbtglub.com.br/safra/
Submission: On May 02 via api (May 2nd 2023, 5:05:04 pm UTC) from GB — Scanned from GB

Summary HTTP 9 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 191.252.81.30, located in Brazil and belongs to Locaweb Servicos de Internet SA, BR. The main domain is goiasbtglub.com.br.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G4 on March 31st 2023. Valid for: a year.

This is the only time goiasbtglub.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Safra Limited (Banking)

Domain & IP information

	IP Address		AS Autonomous System
9	191.252.81.30 191.252.81.30		27715 (Locaweb S...) (Locaweb Servicos de Internet SA)
9	1

9 191.252.81.30 (Brazil)

ASN27715 (Locaweb Servicos de Internet SA, BR)
PTR: vpshost7367.publiccloud.com.br

goiasbtglub.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	goiasbtglub.com.br goiasbtglub.com.br	2 MB
9	1

	Domain	Requested by
9	goiasbtglub.com.br	goiasbtglub.com.br
9	1

This site contains links to these domains. Also see Links.

Domain
www.safra.com.br

Subject Issuer	Validity	Valid
*.goiasbtglub.com.br AlphaSSL CA - SHA256 - G4	`2023-03-31` - `2024-05-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://goiasbtglub.com.br/safra/
Frame ID: A56AFA09516A60B1D9231E164D8FABAC
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Banco Safra - Internet Banking Pessoa Jurídica

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1584 kB
Transfer

1582 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.safra.com.br/external-files/canais-pj/pdf/BoasVindas_SafraEmpresasEMP.pdf
Title: Clique aqui

Search URL Search Domain Scan URL

URL: https://www.safra.com.br/sobre/seguranca-e-privacidade.htm
Title: política de privacidade

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response goiasbtglub.com.br/safra/	15 KB 15 KB	1428ms 248ms	Document text/html	191.252.81.30 Locaweb Servicos ...
General Check archive.org Show headers Download Go to Full URL https://goiasbtglub.com.br/safra/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 191.252.81.30 , Brazil, ASN27715 (Locaweb Servicos de Internet SA, BR), Reverse DNS vpshost7367.publiccloud.com.br Software Apache / PHP/8.0.7 Resource Hash `b2595ae289b01e564ba52d67a50465c094843f5efed5c95efcf8965fdf8a366d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language en-GB,en;q=0.9 Response headers Connection Keep-Alive Content-Length 15601 Content-Type text/html; charset=UTF-8 Date Tue, 02 May 2023 17:04:55 GMT Keep-Alive timeout=5, max=100 Server Apache X-Powered-By PHP/8.0.7
GET H/1.1	200 OK	bootstrap.css goiasbtglub.com.br/safra/css/	112 KB 112 KB	259ms 258ms	Stylesheet text/css	191.252.81.30 Locaweb Servicos ...
General Check archive.org Show headers Download Go to Full URL https://goiasbtglub.com.br/safra/css/bootstrap.css Requested by Host: goiasbtglub.com.br URL: https://goiasbtglub.com.br/safra/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 191.252.81.30 , Brazil, ASN27715 (Locaweb Servicos de Internet SA, BR), Reverse DNS vpshost7367.publiccloud.com.br Software Apache / Resource Hash `019f2f1ddbbba88136b75bfdd8b3505a5344362ed3a80e26f03bcec3763451e0` Request headers accept-language en-GB,en;q=0.9 Referer https://goiasbtglub.com.br/safra/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Tue, 02 May 2023 17:04:56 GMT Last-Modified Mon, 24 Apr 2023 12:10:54 GMT Server Apache ETag "1c0b6-5fa13e60d58f3" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 114870
GET H/1.1	200 OK	apl-base.css goiasbtglub.com.br/safra/css/	13 KB 14 KB	489ms 248ms	Stylesheet text/css	191.252.81.30 Locaweb Servicos ...
General Check archive.org Show headers Download Go to Full URL https://goiasbtglub.com.br/safra/css/apl-base.css Requested by Host: goiasbtglub.com.br URL: https://goiasbtglub.com.br/safra/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 191.252.81.30 , Brazil, ASN27715 (Locaweb Servicos de Internet SA, BR), Reverse DNS vpshost7367.publiccloud.com.br Software Apache / Resource Hash `cabf732b2293ee5640c5c51f6a8697a13ca3b72b5fc1a365368b6560824df1d5` Request headers accept-language en-GB,en;q=0.9 Referer https://goiasbtglub.com.br/safra/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Tue, 02 May 2023 17:04:56 GMT Last-Modified Mon, 24 Apr 2023 12:10:53 GMT Server Apache ETag "3513-5fa13e60342ec" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 13587
GET H/1.1	200 OK	apl.css goiasbtglub.com.br/safra/css/	1 MB 1 MB	731ms 243ms	Stylesheet text/css	191.252.81.30 Locaweb Servicos ...
General Check archive.org Show headers Download Go to Full URL https://goiasbtglub.com.br/safra/css/apl.css Requested by Host: goiasbtglub.com.br URL: https://goiasbtglub.com.br/safra/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 191.252.81.30 , Brazil, ASN27715 (Locaweb Servicos de Internet SA, BR), Reverse DNS vpshost7367.publiccloud.com.br Software Apache / Resource Hash `ab00bbaa86bc361e359f546911eef003fb0c7ff71b6075046171c31ddc44f203` Request headers accept-language en-GB,en;q=0.9 Referer https://goiasbtglub.com.br/safra/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Tue, 02 May 2023 17:04:56 GMT Last-Modified Mon, 24 Apr 2023 12:11:00 GMT Server Apache ETag "1457e1-5fa13e668e66c" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1333217
GET H/1.1	200 OK	logo-safra-empresas-novo.png goiasbtglub.com.br/safra/img/	9 KB 9 KB	722ms 247ms	Image image/png	191.252.81.30 Locaweb Servicos ...
General Check archive.org Show headers Download Go to Show image Full URL https://goiasbtglub.com.br/safra/img/logo-safra-empresas-novo.png Requested by Host: goiasbtglub.com.br URL: https://goiasbtglub.com.br/safra/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 191.252.81.30 , Brazil, ASN27715 (Locaweb Servicos de Internet SA, BR), Reverse DNS vpshost7367.publiccloud.com.br Software Apache / Resource Hash `a31bf649bb42808977e82c5a8a82b05477ff6767cd89f5d2817e9820ae1abd4c` Request headers accept-language en-GB,en;q=0.9 Referer https://goiasbtglub.com.br/safra/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Tue, 02 May 2023 17:04:56 GMT Last-Modified Mon, 24 Apr 2023 12:11:00 GMT Server Apache ETag "2447-5fa13e66e87d3" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 9287
GET H/1.1	200 OK	cut-eye-blue.svg goiasbtglub.com.br/safra/img/	3 KB 3 KB	502ms 243ms	Image image/svg+xml	191.252.81.30 Locaweb Servicos ...
General Check archive.org Show headers Download Go to Show image Full URL https://goiasbtglub.com.br/safra/img/cut-eye-blue.svg Requested by Host: goiasbtglub.com.br URL: https://goiasbtglub.com.br/safra/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 191.252.81.30 , Brazil, ASN27715 (Locaweb Servicos de Internet SA, BR), Reverse DNS vpshost7367.publiccloud.com.br Software Apache / Resource Hash `abc1f4ea9f227b892b9e7074ebf753f5417e742cf84d2fd1cea056dd5767cbf1` Request headers accept-language en-GB,en;q=0.9 Referer https://goiasbtglub.com.br/safra/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Tue, 02 May 2023 17:04:56 GMT Last-Modified Mon, 24 Apr 2023 12:10:59 GMT Server Apache ETag "a22-5fa13e6587b4d" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2594
GET H/1.1	200 OK	bg-navegador.jpg goiasbtglub.com.br/safra/img/	43 KB 44 KB	244ms 244ms	Image image/jpeg	191.252.81.30 Locaweb Servicos ...
General Check archive.org Show headers Download Go to Show image Full URL https://goiasbtglub.com.br/safra/img/bg-navegador.jpg Requested by Host: goiasbtglub.com.br URL: https://goiasbtglub.com.br/safra/css/apl.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 191.252.81.30 , Brazil, ASN27715 (Locaweb Servicos de Internet SA, BR), Reverse DNS vpshost7367.publiccloud.com.br Software Apache / Resource Hash `72f7ec8be81589e674e4ccbe1d91d72632b9163196bcc7810f213093707c4858` Request headers accept-language en-GB,en;q=0.9 Referer https://goiasbtglub.com.br/safra/css/apl.css User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Tue, 02 May 2023 17:04:58 GMT Last-Modified Mon, 24 Apr 2023 12:10:57 GMT Server Apache ETag "acf5-5fa13e63d810f" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 44277
GET H/1.1	200 OK	open-sans-bold.woff goiasbtglub.com.br/safra/fonts/open-sans/	62 KB 62 KB	258ms 257ms	Font application/font-woff	191.252.81.30 Locaweb Servicos ...
General Check archive.org Show headers Download Go to Full URL https://goiasbtglub.com.br/safra/fonts/open-sans/open-sans-bold.woff Requested by Host: goiasbtglub.com.br URL: https://goiasbtglub.com.br/safra/css/apl.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 191.252.81.30 , Brazil, ASN27715 (Locaweb Servicos de Internet SA, BR), Reverse DNS vpshost7367.publiccloud.com.br Software Apache / Resource Hash `7d7a1a8ec55f31a6674fd2e2c41bcc6421a9aeb5cf161c6e93363f31347160f9` Request headers Referer https://goiasbtglub.com.br/safra/css/apl.css Origin https://goiasbtglub.com.br accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Tue, 02 May 2023 17:04:58 GMT Last-Modified Mon, 24 Apr 2023 12:11:07 GMT Server Apache ETag "f84c-5fa13e6da2a7a" Content-Type application/font-woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 63564
GET H/1.1	200 OK	open-sans.woff goiasbtglub.com.br/safra/fonts/open-sans/	22 KB 22 KB	244ms 243ms	Font application/font-woff	191.252.81.30 Locaweb Servicos ...
General Check archive.org Show headers Download Go to Full URL https://goiasbtglub.com.br/safra/fonts/open-sans/open-sans.woff Requested by Host: goiasbtglub.com.br URL: https://goiasbtglub.com.br/safra/css/apl.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 191.252.81.30 , Brazil, ASN27715 (Locaweb Servicos de Internet SA, BR), Reverse DNS vpshost7367.publiccloud.com.br Software Apache / Resource Hash `22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40` Request headers Referer https://goiasbtglub.com.br/safra/css/apl.css Origin https://goiasbtglub.com.br accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Tue, 02 May 2023 17:04:58 GMT Last-Modified Mon, 24 Apr 2023 12:11:08 GMT Server Apache ETag "5884-5fa13e6de127a" Content-Type application/font-woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 22660

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Safra Limited (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| validateCPF

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

goiasbtglub.com.br
191.252.81.30
019f2f1ddbbba88136b75bfdd8b3505a5344362ed3a80e26f03bcec3763451e0
22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40
72f7ec8be81589e674e4ccbe1d91d72632b9163196bcc7810f213093707c4858
7d7a1a8ec55f31a6674fd2e2c41bcc6421a9aeb5cf161c6e93363f31347160f9
a31bf649bb42808977e82c5a8a82b05477ff6767cd89f5d2817e9820ae1abd4c
ab00bbaa86bc361e359f546911eef003fb0c7ff71b6075046171c31ddc44f203
abc1f4ea9f227b892b9e7074ebf753f5417e742cf84d2fd1cea056dd5767cbf1
b2595ae289b01e564ba52d67a50465c094843f5efed5c95efcf8965fdf8a366d
cabf732b2293ee5640c5c51f6a8697a13ca3b72b5fc1a365368b6560824df1d5

goiasbtglub.com.br Open in urlscan Pro 191.252.81.30 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1584 kBTransfer

1582 kBSize

0 Cookies

2 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

goiasbtglub.com.br Open in urlscan Pro
191.252.81.30 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1584 kB
Transfer

1582 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!