tesser.com.br Open in urlscan Pro
192.185.208.124 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ch-cembra-alert.com/
Effective URL:
https://tesser.com.br/cembr/cembra/login.php
Submission: On April 01 via manual (April 1st 2022, 8:14:24 pm UTC) from CH — Scanned from DE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 192.185.208.124, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is tesser.com.br.
TLS certificate: Issued by R3 on January 22nd 2022. Valid for: 3 months.

This is the only time tesser.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Cembra (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 2	69.163.229.11 69.163.229.11	26347 (DREAMHOST-AS) (DREAMHOST-AS)
2 14	192.185.208.124 192.185.208.124	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1 7	193.223.58.9 193.223.58.9	3303 (SWISSCOM ...) (SWISSCOM Swisscom Switzerland Ltd)
19	3

2 69.163.229.11 (Brea, United States) 1 redirects

ASN26347 (DREAMHOST-AS, US)
PTR: apache2-twiddle.fossil.dreamhost.com

ch-cembra-alert.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.ch-cembra-alert.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 192.185.208.124 (United States) 2 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: br142-ip18.hostgator.com.br

tesser.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 193.223.58.9 (Morat, Switzerland) 1 redirects

ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH)

www.cembra.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	tesser.com.br 2 redirects tesser.com.br	192 KB
7	cembra.ch 1 redirects www.cembra.ch	141 KB
2	ch-cembra-alert.com 1 redirects ch-cembra-alert.com www.ch-cembra-alert.com	553 B
19	3

	Domain	Requested by
14	tesser.com.br	2 redirects tesser.com.br
7	www.cembra.ch	1 redirects tesser.com.br www.cembra.ch
1	www.ch-cembra-alert.com
1	ch-cembra-alert.com	1 redirects
19	4

This site contains no links.

Subject Issuer	Validity	Valid
www.ch-cembra-alert.com R3	`2022-04-01` - `2022-06-30`	3 months	crt.sh
*.tesser.com.br R3	`2022-01-22` - `2022-04-22`	3 months	crt.sh
www.cembra.ch SwissSign EV Gold CA 2014 - G22	`2021-08-09` - `2022-08-09`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://tesser.com.br/cembr/cembra/login.php
Frame ID: 1161C8B0B3B539DD53734DB334C67616
Requests: 8 HTTP requests in this frame

Frame: https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop
Frame ID: 510FA889D44BCFE4CCA88E656FE51041
Requests: 6 HTTP requests in this frame

Frame: https://tesser.com.br/cembr/cembra/alert.html
Frame ID: D0CA58927399F1DC5C3199FC248E9275
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cembra Money Bank

Page URL History Show full URLs

http://ch-cembra-alert.com/ HTTP 301
https://www.ch-cembra-alert.com/ Page URL
https://tesser.com.br/cembr HTTP 301
https://tesser.com.br/cembr/ HTTP 302
https://tesser.com.br/cembr/cembra/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

332 kB
Transfer

923 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ch-cembra-alert.com/ HTTP 301
https://www.ch-cembra-alert.com/ Page URL
https://tesser.com.br/cembr HTTP 301
https://tesser.com.br/cembr/ HTTP 302
https://tesser.com.br/cembr/cembra/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://ch-cembra-alert.com/ HTTP 301
https://www.ch-cembra-alert.com/

Request Chain 5

https://www.cembra.ch/de/Login/ServiceMessage HTTP 301
https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response www.ch-cembra-alert.com/ Redirect Chain http://ch-cembra-alert.com/ https://www.ch-cembra-alert.com/	196 B 300 B	673ms 236ms	Document text/html	69.163.229.11 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://www.ch-cembra-alert.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 69.163.229.11 Brea, United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS apache2-twiddle.fossil.dreamhost.com Software Apache / Resource Hash `240575438922c2642616a49fcb1c2b677ba562a475685006990cfa414e6657b7` Request headers Accept-Language de-DE,de;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers cache-control max-age=600 content-encoding gzip content-length 162 content-type text/html; charset=UTF-8 date Fri, 01 Apr 2022 20:14:18 GMT expires Fri, 01 Apr 2022 20:24:18 GMT server Apache vary Accept-Encoding,User-Agent Redirect headers Connection Keep-Alive Content-Length 240 Content-Type text/html; charset=iso-8859-1 Date Fri, 01 Apr 2022 20:14:17 GMT Keep-Alive timeout=2, max=100 Location https://www.ch-cembra-alert.com/ Server Apache
GET H2	200	Primary Request login.php Show response tesser.com.br/cembr/cembra/ Redirect Chain https://tesser.com.br/cembr https://tesser.com.br/cembr/ https://tesser.com.br/cembr/cembra/login.php	5 KB 2 KB	142ms 141ms	Document text/html	192.185.208.124 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://tesser.com.br/cembr/cembra/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.208.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS br142-ip18.hostgator.com.br Software Apache / Resource Hash `549ce7a6604fbc86dba8ebc18fd1e3ca6a0898cfb306bd4c4e6fa3602780bcf1` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.ch-cembra-alert.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers accept-ranges none cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 1595 content-type text/html; charset=UTF-8 date Fri, 01 Apr 2022 20:14:20 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding Redirect headers cache-control no-store, no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 date Fri, 01 Apr 2022 20:14:19 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location cembra/login.php pragma no-cache server Apache
GET H2	200	bootstrap-btn.css tesser.com.br/cembr/cembra/files/css/	8 KB 2 KB	133ms 132ms	Stylesheet text/css	192.185.208.124 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://tesser.com.br/cembr/cembra/files/css/bootstrap-btn.css Requested by Host: tesser.com.br URL: https://tesser.com.br/cembr/cembra/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.208.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS br142-ip18.hostgator.com.br Software Apache / Resource Hash `e9704f509569e642ea78ac8e5f224884cbdc2167baf8fa0cbd43869fac2942e0` Request headers Accept-Language de-DE,de;q=0.9 Referer https://tesser.com.br/cembr/cembra/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers date Fri, 01 Apr 2022 20:14:20 GMT content-encoding gzip last-modified Fri, 01 Apr 2022 19:26:57 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges none content-length 1920
GET H2	200	bootstrap.min.css tesser.com.br/cembr/cembra/files/css/	100 KB 24 KB	261ms 261ms	Stylesheet text/css	192.185.208.124 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://tesser.com.br/cembr/cembra/files/css/bootstrap.min.css Requested by Host: tesser.com.br URL: https://tesser.com.br/cembr/cembra/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.208.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS br142-ip18.hostgator.com.br Software Apache / Resource Hash `98c9d0d1932b2f9471963344031f2d720f3346fffcd82c0d34b09c6642e5dc27` Request headers Accept-Language de-DE,de;q=0.9 Referer https://tesser.com.br/cembr/cembra/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers date Fri, 01 Apr 2022 20:14:20 GMT content-encoding gzip last-modified Fri, 01 Apr 2022 19:26:57 GMT server Apache accept-ranges none vary Accept-Encoding content-type text/css
GET H2	200	default.css tesser.com.br/cembr/cembra/files/css/	19 KB 6 KB	133ms 132ms	Stylesheet text/css	192.185.208.124 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://tesser.com.br/cembr/cembra/files/css/default.css Requested by Host: tesser.com.br URL: https://tesser.com.br/cembr/cembra/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.208.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS br142-ip18.hostgator.com.br Software Apache / Resource Hash `6a5ec0cc8d92323c875c5af14f366e855a20411e3187002c29c38452735da142` Request headers Accept-Language de-DE,de;q=0.9 Referer https://tesser.com.br/cembr/cembra/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers date Fri, 01 Apr 2022 20:14:20 GMT content-encoding gzip last-modified Fri, 01 Apr 2022 19:26:57 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges none content-length 5572
GET H2	200	cembra-money-bank.jpg tesser.com.br/cembr/cembra/files/img/	16 KB 16 KB	256ms 256ms	Image image/jpeg	192.185.208.124 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://tesser.com.br/cembr/cembra/files/img/cembra-money-bank.jpg Requested by Host: tesser.com.br URL: https://tesser.com.br/cembr/cembra/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.208.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS br142-ip18.hostgator.com.br Software Apache / Resource Hash `ce0392488bdaf30d30425a7459ed5c3d0da132ec5d6ef14150a3d9aa24e5fdc4` Request headers Accept-Language de-DE,de;q=0.9 Referer https://tesser.com.br/cembr/cembra/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers date Fri, 01 Apr 2022 20:14:20 GMT last-modified Fri, 01 Apr 2022 19:26:57 GMT server Apache accept-ranges bytes content-length 15987 content-type image/jpeg
GET H/1.1	200 OK	/ Show response www.cembra.ch/de/Login/ServiceMessage/ Frame 510F Redirect Chain https://www.cembra.ch/de/Login/ServiceMessage https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop	1 KB 2 KB	29ms 29ms	Document text/html	193.223.58.9 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Full URL https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop Requested by Host: tesser.com.br URL: https://tesser.com.br/cembr/cembra/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.223.58.9 Morat, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH), Reverse DNS Software / Resource Hash `136f05afdd9a0413977ce76371bbac4731b959fc4f74e23dc448c452c076c961` Request headers Accept-Language de-DE,de;q=0.9 Referer https://tesser.com.br/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Cache-Control no-cache, no-store Content-Encoding gzip Content-Length 983 Content-Type text/html; charset=utf-8 Date Fri, 01 Apr 2022 20:14:19 GMT Expires -1 Pragma no-cache Vary Accept-Encoding Redirect headers Content-Length 185 Content-Type text/html; charset=UTF-8 Date Fri, 01 Apr 2022 20:14:19 GMT Location https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop
GET H2	200	alert.html Show response tesser.com.br/cembr/cembra/ Frame D0CA	974 B 444 B	132ms 131ms	Document text/html	192.185.208.124 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://tesser.com.br/cembr/cembra/alert.html Requested by Host: tesser.com.br URL: https://tesser.com.br/cembr/cembra/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.208.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS br142-ip18.hostgator.com.br Software Apache / Resource Hash `db94a25dda5a2c442c4be8099eded4b0add83f9b7ef8775715c64420dbe919c0` Request headers Accept-Language de-DE,de;q=0.9 Referer https://tesser.com.br/cembr/cembra/login.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers accept-ranges none content-encoding gzip content-length 404 content-type text/html date Fri, 01 Apr 2022 20:14:20 GMT last-modified Fri, 01 Apr 2022 19:26:57 GMT server Apache vary Accept-Encoding
GET H2	200	login.css tesser.com.br/cembr/cembra/files/css/ Frame D0CA	235 KB 34 KB	361ms 361ms	Stylesheet text/css	192.185.208.124 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://tesser.com.br/cembr/cembra/files/css/login.css Requested by Host: tesser.com.br URL: https://tesser.com.br/cembr/cembra/alert.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.208.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS br142-ip18.hostgator.com.br Software Apache / Resource Hash `6b0bef914464f65eba80bcc91ef87d42f7e3108e06d3ca796bd578c41355d273` Request headers Accept-Language de-DE,de;q=0.9 Referer https://tesser.com.br/cembr/cembra/alert.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers date Fri, 01 Apr 2022 20:14:20 GMT content-encoding gzip last-modified Fri, 01 Apr 2022 19:26:57 GMT server Apache accept-ranges none vary Accept-Encoding content-type text/css
GET H2	200	ss.png tesser.com.br/cembr/cembra/files/img/ Frame D0CA	40 KB 40 KB	245ms 245ms	Image image/png	192.185.208.124 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://tesser.com.br/cembr/cembra/files/img/ss.png Requested by Host: tesser.com.br URL: https://tesser.com.br/cembr/cembra/alert.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.208.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS br142-ip18.hostgator.com.br Software Apache / Resource Hash `937299920c2867c223e6c7aea867ad66b21382d62dbe9edcbc446e53c431a20d` Request headers Accept-Language de-DE,de;q=0.9 Referer https://tesser.com.br/cembr/cembra/alert.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers date Fri, 01 Apr 2022 20:14:20 GMT last-modified Fri, 01 Apr 2022 19:26:57 GMT server Apache accept-ranges bytes content-length 40682 content-type image/png
GET H/1.1	200 OK	login.css www.cembra.ch/Frontend/CembraInternet/ Frame 510F	237 KB 24 KB	17ms 17ms	Stylesheet text/css	193.223.58.9 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Full URL https://www.cembra.ch/Frontend/CembraInternet/login.css Requested by Host: www.cembra.ch URL: https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.223.58.9 Morat, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH), Reverse DNS Software / Resource Hash `cde700dc8a0702914ba678850bebb21cfd0140466f090eb0d45302d258674ff0` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Date Fri, 01 Apr 2022 20:14:19 GMT Content-Encoding gzip Last-Modified Mon, 11 Sep 2017 15:10:36 GMT ETag "07ecb1e102bd31:0" Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 23918
GET H/1.1	200 OK	jquery-1.10.2.min.js Show response www.cembra.ch/assets/js/ Frame 510F	91 KB 32 KB	49ms 17ms	Script application/javascript	193.223.58.9 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Full URL https://www.cembra.ch/assets/js/jquery-1.10.2.min.js Requested by Host: www.cembra.ch URL: https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.223.58.9 Morat, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH), Reverse DNS Software / Resource Hash `cd8f413e39247d48ea354b8fb11c227e72f641403bd8d4dd81cd7473d60daafb` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Date Fri, 01 Apr 2022 20:14:20 GMT Content-Encoding gzip Last-Modified Mon, 11 Sep 2017 15:10:36 GMT ETag "07ecb1e102bd31:0" Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 32884
GET H/1.1	200 OK	bootstrap.min.js Show response www.cembra.ch/assets/js/ Frame 510F	27 KB 7 KB	66ms 18ms	Script application/javascript	193.223.58.9 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Full URL https://www.cembra.ch/assets/js/bootstrap.min.js Requested by Host: www.cembra.ch URL: https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.223.58.9 Morat, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH), Reverse DNS Software / Resource Hash `404abc720db631404f659a0873fe1df65fca1288110bf7713d4a8a090e1726af` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Date Fri, 01 Apr 2022 20:14:20 GMT Content-Encoding gzip Last-Modified Mon, 11 Sep 2017 15:10:36 GMT ETag "07ecb1e102bd31:0" Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 7358
GET H/1.1	200 OK	info-purple.png www.cembra.ch/~/media/images/sublayouts/login/ Frame 510F	44 KB 44 KB	25ms 25ms	Image image/png	193.223.58.9 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Show image Full URL https://www.cembra.ch/~/media/images/sublayouts/login/info-purple.png?h=35&la=de&w=35 Requested by Host: www.cembra.ch URL: https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.223.58.9 Morat, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH), Reverse DNS Software / Resource Hash `0eaf7b9d7710f17e57ab9c7f76d941570633c5993fcd5c8503cb7bc81941af8a` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.cembra.ch/de/Login/ServiceMessage/?display=desktop User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Date Fri, 01 Apr 2022 20:14:20 GMT Last-Modified Wed, 26 Nov 2014 23:16:32 GMT Content-Type image/png Cache-Control private, max-age=604800 Content-Disposition inline; filename="info-purple.png" Accept-Ranges bytes Content-Length 44758 Expires Fri, 08 Apr 2022 20:14:20 GMT
GET H2	200	eservice-login-background.jpg tesser.com.br/cembr/cembra/files/img/	34 KB 34 KB	208ms 208ms	Image image/jpeg	192.185.208.124 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://tesser.com.br/cembr/cembra/files/img/eservice-login-background.jpg Requested by Host: tesser.com.br URL: https://tesser.com.br/cembr/cembra/files/css/default.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.208.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS br142-ip18.hostgator.com.br Software Apache / Resource Hash `ed5c4f940fbb29ad6ea580e52d696b5badd28efa17ef068f0dda1f5c4026ca45` Request headers Accept-Language de-DE,de;q=0.9 Referer https://tesser.com.br/cembr/cembra/files/css/default.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers date Fri, 01 Apr 2022 20:14:20 GMT last-modified Fri, 01 Apr 2022 19:26:57 GMT server Apache accept-ranges bytes content-length 35045 content-type image/jpeg
GET H2	200	vistasansbook-071211005emigrewebonly.woff tesser.com.br/cembr/cembra/files/fonts/	32 KB 32 KB	207ms 207ms	Font font/woff	192.185.208.124 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://tesser.com.br/cembr/cembra/files/fonts/vistasansbook-071211005emigrewebonly.woff Requested by Host: tesser.com.br URL: https://tesser.com.br/cembr/cembra/files/css/default.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.208.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS br142-ip18.hostgator.com.br Software Apache / Resource Hash `b37a9db57ad291741c5a43f24d69e73bd672e47034dd6f8e28599fb907abb768` Request headers Referer https://tesser.com.br/cembr/cembra/files/css/default.css Origin https://tesser.com.br Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers date Fri, 01 Apr 2022 20:14:20 GMT last-modified Fri, 01 Apr 2022 19:26:57 GMT server Apache accept-ranges bytes content-length 32344 content-type font/woff
GET H/1.1	200 OK	vistasansbook-071211005EmigreWebOnly.woff www.cembra.ch/assets/font/ Frame 510F	32 KB 32 KB	17ms 17ms	Font font/x-woff	193.223.58.9 SWISSCOM Swisscom...
General Check archive.org Show headers Download Go to Full URL https://www.cembra.ch/assets/font/vistasansbook-071211005EmigreWebOnly.woff Requested by Host: www.cembra.ch URL: https://www.cembra.ch/Frontend/CembraInternet/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.223.58.9 Morat, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH), Reverse DNS Software / Resource Hash `b37a9db57ad291741c5a43f24d69e73bd672e47034dd6f8e28599fb907abb768` Request headers Referer https://www.cembra.ch/Frontend/CembraInternet/login.css Origin https://www.cembra.ch Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Date Fri, 01 Apr 2022 20:14:20 GMT Last-Modified Mon, 11 Sep 2017 15:10:34 GMT Accept-Ranges bytes ETag "0519a1d102bd31:0" Content-Length 32344 Content-Type font/x-woff
GET H2	200	slider-left.png tesser.com.br/cembr/cembra/files/img/ Frame D0CA	1 KB 1 KB	133ms 133ms	Image image/png	192.185.208.124 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://tesser.com.br/cembr/cembra/files/img/slider-left.png Requested by Host: tesser.com.br URL: https://tesser.com.br/cembr/cembra/files/css/login.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.208.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS br142-ip18.hostgator.com.br Software Apache / Resource Hash `1bc5e610982370f1f00157fd084a3cdd62e980a7352752c9e09bb64f1bc3bc62` Request headers Accept-Language de-DE,de;q=0.9 Referer https://tesser.com.br/cembr/cembra/files/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers date Fri, 01 Apr 2022 20:14:20 GMT last-modified Fri, 01 Apr 2022 19:26:57 GMT server Apache accept-ranges bytes content-length 1224 content-type image/png
GET H2	200	slider-right.png tesser.com.br/cembr/cembra/files/img/ Frame D0CA	1 KB 1 KB	133ms 133ms	Image image/png	192.185.208.124 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://tesser.com.br/cembr/cembra/files/img/slider-right.png Requested by Host: tesser.com.br URL: https://tesser.com.br/cembr/cembra/files/css/login.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.208.124 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS br142-ip18.hostgator.com.br Software Apache / Resource Hash `1ca024361b724ae43c75054e59a366a1ef518496a2c120bf136a12f888eab49f` Request headers Accept-Language de-DE,de;q=0.9 Referer https://tesser.com.br/cembr/cembra/files/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers date Fri, 01 Apr 2022 20:14:20 GMT last-modified Fri, 01 Apr 2022 19:26:57 GMT server Apache accept-ranges bytes content-length 1221 content-type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Cembra (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			tesser.com.br/	1969-12-31 23:59:59	Name: PHPSESSID Value: 8f9bd22081550b597ba9beeff5048a69

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ch-cembra-alert.com
tesser.com.br
www.cembra.ch
www.ch-cembra-alert.com
192.185.208.124
193.223.58.9
69.163.229.11
0eaf7b9d7710f17e57ab9c7f76d941570633c5993fcd5c8503cb7bc81941af8a
136f05afdd9a0413977ce76371bbac4731b959fc4f74e23dc448c452c076c961
1bc5e610982370f1f00157fd084a3cdd62e980a7352752c9e09bb64f1bc3bc62
1ca024361b724ae43c75054e59a366a1ef518496a2c120bf136a12f888eab49f
240575438922c2642616a49fcb1c2b677ba562a475685006990cfa414e6657b7
404abc720db631404f659a0873fe1df65fca1288110bf7713d4a8a090e1726af
549ce7a6604fbc86dba8ebc18fd1e3ca6a0898cfb306bd4c4e6fa3602780bcf1
6a5ec0cc8d92323c875c5af14f366e855a20411e3187002c29c38452735da142
6b0bef914464f65eba80bcc91ef87d42f7e3108e06d3ca796bd578c41355d273
937299920c2867c223e6c7aea867ad66b21382d62dbe9edcbc446e53c431a20d
98c9d0d1932b2f9471963344031f2d720f3346fffcd82c0d34b09c6642e5dc27
b37a9db57ad291741c5a43f24d69e73bd672e47034dd6f8e28599fb907abb768
cd8f413e39247d48ea354b8fb11c227e72f641403bd8d4dd81cd7473d60daafb
cde700dc8a0702914ba678850bebb21cfd0140466f090eb0d45302d258674ff0
ce0392488bdaf30d30425a7459ed5c3d0da132ec5d6ef14150a3d9aa24e5fdc4
db94a25dda5a2c442c4be8099eded4b0add83f9b7ef8775715c64420dbe919c0
e9704f509569e642ea78ac8e5f224884cbdc2167baf8fa0cbd43869fac2942e0
ed5c4f940fbb29ad6ea580e52d696b5badd28efa17ef068f0dda1f5c4026ca45

tesser.com.br Open in urlscan Pro 192.185.208.124 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

332 kBTransfer

923 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

Indicators

tesser.com.br Open in urlscan Pro
192.185.208.124 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

332 kB
Transfer

923 kB
Size

1
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!