bb.gerenciadorpjdigital.shop Open in urlscan Pro
2606:4700:3030::ac43:9af6  Malicious Activity! Public Scan

Submitted URL: http://bb.gerenciadorpjdigital.shop/
Effective URL: https://bb.gerenciadorpjdigital.shop/control.php
Submission: On September 27 via manual from BR — Scanned from DE

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 2606:4700:3030::ac43:9af6, located in United States and belongs to CLOUDFLARENET, US. The main domain is bb.gerenciadorpjdigital.shop.
TLS certificate: Issued by E1 on September 26th 2023. Valid for: 3 months.
This is the only time bb.gerenciadorpjdigital.shop was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco do Brasil (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 104.21.6.56 13335 (CLOUDFLAR...)
1 3 2606:4700:303... 13335 (CLOUDFLAR...)
2 2
Apex Domain
Subdomains
Transfer
4 gerenciadorpjdigital.shop
bb.gerenciadorpjdigital.shop
1 MB
2 1
Domain Requested by
4 bb.gerenciadorpjdigital.shop 2 redirects bb.gerenciadorpjdigital.shop
2 1

This site contains links to these domains. Also see Links.

Domain
www.bb.com.br
accounts.bb.com.br
Subject Issuer Validity Valid
gerenciadorpjdigital.shop
E1
2023-09-26 -
2023-12-25
3 months crt.sh

This page contains 1 frames:

Primary Page: https://bb.gerenciadorpjdigital.shop/control.php
Frame ID: DF4B520A209F57C7D6B15271A113AB55
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

##

Page URL History Show full URLs

  1. http://bb.gerenciadorpjdigital.shop/ HTTP 301
    https://bb.gerenciadorpjdigital.shop/ HTTP 302
    https://bb.gerenciadorpjdigital.shop/control.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

2
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1229 kB
Transfer

1877 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bb.gerenciadorpjdigital.shop/ HTTP 301
    https://bb.gerenciadorpjdigital.shop/ HTTP 302
    https://bb.gerenciadorpjdigital.shop/control.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request control.php
bb.gerenciadorpjdigital.shop/
Redirect Chain
  • http://bb.gerenciadorpjdigital.shop/
  • https://bb.gerenciadorpjdigital.shop/
  • https://bb.gerenciadorpjdigital.shop/control.php
837 KB
200 KB
Document
General
Full URL
https://bb.gerenciadorpjdigital.shop/control.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:9af6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be68f0e0ba158891eeb5cdf8d1d2ccb9b3814e4245440b55d9ce2cfd0900fb91

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
80d5669a4e649001-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 27 Sep 2023 17:17:33 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KRd8K8bcFQ7W6L5HgphEX8txqGtqaisl7doRNgtOH1EKYK4wN43vLVa2dT8HJUMwNAbC65BpXk8guplXNqMk0yR%2Bz%2B5%2FDhWuIuodzPcVLuaY%2FA7hr35xG5YCJFug2nu8yAH7mQUxhFfxXqriaxRQfgAx6us10%2Fi7xB8v"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
80d56695ea959001-FRA
content-type
text/html; charset=UTF-8
date
Wed, 27 Sep 2023 17:17:33 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
./control.php
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=66HSd0T44ZgoPt51O8bHV%2FEUSINP0rhSMQ5kjIiDWxfOvBLS4xQkVxz4dGzbCYcagKuBKwZefh7VP1uokC210t9sv82bdOKCmkgKB2N5HzYkrvZ9aLGiXX6k6bABZ5UT%2B9GGCfysORGSCOga%2FhryDhiQFe5SAm5kkKXH"}],"group":"cf-nel","max_age":604800}
server
cloudflare
truncated
/
705 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a19c30bb052f7f7ca9c5ca20947e23d38a9c843220b53c2467ea79112914e0ae

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type
image/svg+xml
login.jpg
bb.gerenciadorpjdigital.shop/pages/img/
899 KB
899 KB
Image
General
Full URL
https://bb.gerenciadorpjdigital.shop/pages/img/login.jpg
Requested by
Host: bb.gerenciadorpjdigital.shop
URL: https://bb.gerenciadorpjdigital.shop/control.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:9af6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1af5c8b26a422365229d5afb9b4d51004a3494db0db1ab87b558d2cc37b02cbc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bb.gerenciadorpjdigital.shop/control.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 17:17:34 GMT
cf-cache-status
MISS
last-modified
Wed, 23 Aug 2023 21:28:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"e0a8a-6039dc9c2ce80"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JQT9qQoHcorw6nsCVVqeeLiFRliHdxX2VskVfzfb%2BOvp397cb%2FYVzJSpSm%2FIcwmDeG3gTMya302OzxBHqjIpSa%2FAwkw2Lyo9TsfvfX%2FynUmnstQvSBvILSE21WuYAf%2B03v%2BTMesNXjwRUQPt6kGQLNEG8ZTThU7o0drX"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
80d5669dbdaf19ab-FRA
alt-svc
h3=":443"; ma=86400
content-length
920202
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc1c5d8c9aa750b035f80171038766b502616cd3f1b52abbff668a712c485274

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/
9 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a8ede1b3e9746cc116996ee8f0e072ac7211aa3bb48835a25a26097f64c32c7e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/
72 KB
72 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a10325514c7d0fdc40bed9f4f787b07a18e5cdc18c5b17f3def35faea928bfbb

Request headers

Referer
Origin
https://bb.gerenciadorpjdigital.shop
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type
application/x-font-ttf
truncated
/
58 KB
58 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
33f721b5c6ef9d87bdaf192c0d27e5d855c94a41b0954705b81823d9a10543da

Request headers

Referer
Origin
https://bb.gerenciadorpjdigital.shop
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type
application/font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco do Brasil (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

1 Cookies

Domain/Path Name / Value
bb.gerenciadorpjdigital.shop/ Name: PHPSESSID
Value: lmfnh6q90n00fesemp1ko6uesd