attcadbolsa.com
Open in
urlscan Pro
172.67.214.29
Malicious Activity!
Public Scan
Effective URL: https://attcadbolsa.com/auth?flow=inputUsername
Submission Tags: suspect
Submission: On May 27 via api from BR — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on April 17th 2024. Valid for: 3 months.
This is the only time attcadbolsa.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Caixa (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 3.33.152.147 3.33.152.147 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 2606:4700:303... 2606:4700:3032::6815:25e1 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
14 | 172.67.214.29 172.67.214.29 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 18.245.31.89 18.245.31.89 | 16509 (AMAZON-02) (AMAZON-02) | |
15 | 2 |
ASN16509 (AMAZON-02, US)
PTR: a4ec4c6ea1c92e2e6.awsglobalaccelerator.com
acesso-social-live.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-245-31-89.fra56.r.cloudfront.net
cdn.socket.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
attcadbolsa.com
1 redirects
attcadbolsa.com |
102 KB |
1 |
socket.io
cdn.socket.io — Cisco Umbrella Rank: 36572 |
15 KB |
1 |
acesso-social-live.com
1 redirects
acesso-social-live.com |
316 B |
15 | 3 |
Domain | Requested by | |
---|---|---|
15 | attcadbolsa.com |
1 redirects
attcadbolsa.com
|
1 | cdn.socket.io |
attcadbolsa.com
|
1 | acesso-social-live.com | 1 redirects |
15 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
attcadbolsa.com GTS CA 1P5 |
2024-04-17 - 2024-07-16 |
3 months | crt.sh |
cdn.socket.io Amazon RSA 2048 M03 |
2023-10-22 - 2024-11-17 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://attcadbolsa.com/auth?flow=inputUsername
Frame ID: 2FF066534C8FF74995C3B067125CF4E7
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
CAIXAPage URL History Show full URLs
-
http://acesso-social-live.com/
HTTP 307
https://acesso-social-live.com/ HTTP 307
http://acesso-social-live.com/ HTTP 301
http://attcadbolsa.com/ HTTP 307
https://attcadbolsa.com/ HTTP 302
https://attcadbolsa.com/auth?flow=inputUsername Page URL
Detected technologies
Socket.io (JavaScript Frameworks) ExpandDetected patterns
- socket\.io.*\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://acesso-social-live.com/
HTTP 307
https://acesso-social-live.com/ HTTP 307
http://acesso-social-live.com/ HTTP 301
http://attcadbolsa.com/ HTTP 307
https://attcadbolsa.com/ HTTP 302
https://attcadbolsa.com/auth?flow=inputUsername Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
auth
attcadbolsa.com/ Redirect Chain
|
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
socket.io.min.js
cdn.socket.io/4.7.2/ |
49 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sessionHelpers.js
attcadbolsa.com/js/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.css
attcadbolsa.com/css/ |
25 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fsso.css
attcadbolsa.com/css/ |
1 KB 916 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.js
attcadbolsa.com/js/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
imask.min.js
attcadbolsa.com/js/ |
44 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
validate.js
attcadbolsa.com/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo-caixa.png
attcadbolsa.com/images/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
interrogacao.svg
attcadbolsa.com/images/ |
1021 B 996 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
caixatem-white.png
attcadbolsa.com/images/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
helpers.js
attcadbolsa.com/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
futuraBook.woff
attcadbolsa.com/fonts/ |
12 KB 13 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fsso.woff2
attcadbolsa.com/fonts/ |
4 KB 4 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
attcadbolsa.com/images/ |
1 KB 2 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Caixa (Government)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| io function| generateUUID function| getGeolocation function| getCoordinatesV3 function| getCityInfoFromAPI function| searchLogin2Account function| $ function| jQuery object| __core-js_shared__ object| core function| IMask object| validators function| validateWith boolean| faqIsLoaded function| toggleQuestion function| toggleFaq function| loadFaq function| handleLogin function| validatePasswordInput function| toggleInputType function| validateCPFInput1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
attcadbolsa.com/ | Name: connect.sid Value: s%3Au3j_GeOTQ6h2S_G1tARF4p_ze-bXYvpi.XBk4%2Be7YsBjiPpmEAcerq2iILjIQtGl1rElxgH0vGoI |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
acesso-social-live.com
attcadbolsa.com
cdn.socket.io
172.67.214.29
18.245.31.89
2606:4700:3032::6815:25e1
3.33.152.147
0bc0e8914dd49c2616964a3f5425bd462131e8b59333bcb87adbae4f8d0b97ad
311f1ab2729014aa567869f260192aa0de9283534efa405bd36d1b8d8f235270
3fd4831c4c7cdc3d26a978b40241a16a7795c65d9f0f9c0b887602b719007a4a
63c6bca75c5ba6da5336acef9f07f249f52b6ef6343f5d1ec46916139b30ee16
64f47dac58ac1396c702a238a73e3bce43d340c508305dbde78dfdc7ae9bd07f
736161c02d6980a800ee35c57b869cbd6f352c411203b89e794b53edc56cdf5e
83df4abc7eec941f1d29ae254e80bac0bb82d398fbe2e8ee4ea2a7efc8e704f1
88fb48c350619c7ede48413118c899900d5801f565f16bf2f78b23c753128c79
99e691fae5e88eb36bafb24758b35f0f990708295f8f2abe2221891e328f776a
a10b2226b24cb524fc090fc6b617601ddfa9c6bfc32b95c415b8057f0b32b340
cef588bc026161c06f8f09683b4dbe9478955be7d9704bf81b625725b3d495d5
d0b35815e7476d0367ee28e2cce8f169f70b5a2673c4eb39994644eab5fe5a96
eb36e7473ecb490885c097151ae7b39578df4140aaf254db51b4082f83840dc1
eb545b8ac4e9673641214567329f2d88a8546e1a7a10e0be37ce709fd94f0fb4
f4d77754b30e09df3ae9f69513eb48fc68e092d2599cc29cd961b8254e311dbb