pagamento.cf Open in urlscan Pro
2606:4700:30::6812:2fd3  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set index2.php Show response pagamento.cf/	7 KB 2 KB	130ms 123ms	Document text/html	2606:4700:30::6812:2fd3 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP Protocol HTTP/1.1 Server 2606:4700:30::6812:2fd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 8c841ad8edd8c940a5bdbce8f35f54a2276daa4ee67fa9edb75d607dd7167f57 Request headers Host pagamento.cf Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 15 Jul 2019 11:04:50 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=da958c439a2ac66dd132fcca8374d88ee1563188689; expires=Tue, 14-Jul-20 11:04:49 GMT; path=/; domain=.pagamento.cf; HttpOnly Vary Accept-Encoding Server cloudflare CF-RAY 4f6b42003833c2db-FRA Content-Encoding gzip
GET H/1.1	200 OK	scripts.js Show response pagamento.cf/	4 KB 1 KB	10ms 10ms	Script application/javascript	2606:4700:30::6812:2fd3 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://pagamento.cf/scripts.js Requested by Host: pagamento.cf URL: http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP Protocol HTTP/1.1 Security , , Server 2606:4700:30::6812:2fd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash c1fe4aa08586c1d95ad0b9f4a1e980a7be19c7c3f654cda993a158b52966bf33 Request headers Referer http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 15 Jul 2019 11:04:50 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Sat, 14 Jan 2017 02:30:40 GMT Server cloudflare Age 233 ETag "f41-54604bc81f400-gzip" Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 4f6b4200fb0ac2db-FRA Content-Length 858 Expires Mon, 15 Jul 2019 15:04:50 GMT
GET H/1.1	200 OK	01.png pagamento.cf/pictures/	31 KB 32 KB	13ms 12ms	Image image/png	2606:4700:30::6812:2fd3 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://pagamento.cf/pictures/01.png Requested by Host: pagamento.cf URL: http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP Protocol HTTP/1.1 Security , , Server 2606:4700:30::6812:2fd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash e2e3f2c478b4bec41cf2f2dc9866643ffc7c314672ec00f71a241a38a944ac73 Request headers Referer http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 15 Jul 2019 11:04:50 GMT CF-Cache-Status HIT Last-Modified Sat, 14 Jan 2017 02:33:42 GMT Server cloudflare Age 227 ETag "7d1d-54604c75b0d80" Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 4f6b42011b67c2db-FRA Content-Length 32029 Expires Mon, 15 Jul 2019 15:04:50 GMT
GET H/1.1	200 OK	02.png pagamento.cf/pictures/	4 KB 4 KB	20ms 14ms	Image image/png	2606:4700:30::6812:2fd3 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://pagamento.cf/pictures/02.png Requested by Host: pagamento.cf URL: http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP Protocol HTTP/1.1 Security , , Server 2606:4700:30::6812:2fd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash ac012672fbde51005e33556de5ea06dc805a2065b7cbe91bd8f275c3cd995d67 Request headers Referer http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 15 Jul 2019 11:04:50 GMT CF-Cache-Status HIT Last-Modified Sat, 14 Jan 2017 02:33:38 GMT Server cloudflare Age 178 ETag "e65-54604c71e0480" Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 4f6b42011c4e96f2-FRA Content-Length 3685 Expires Mon, 15 Jul 2019 15:04:50 GMT
GET H/1.1	200 OK	03.png pagamento.cf/pictures/	496 B 900 B	19ms 13ms	Image image/png	2606:4700:30::6812:2fd3 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://pagamento.cf/pictures/03.png Requested by Host: pagamento.cf URL: http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP Protocol HTTP/1.1 Security , , Server 2606:4700:30::6812:2fd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash b68be0ce0f3911c70fe492eb16445c3f319eebb84b38131a4be8a383acf8f11d Request headers Referer http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 15 Jul 2019 11:04:50 GMT CF-Cache-Status HIT Last-Modified Sat, 14 Jan 2017 02:33:25 GMT Server cloudflare Age 178 ETag "1f0-54604c657a740" Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 4f6b420128f2c2ef-FRA Content-Length 496 Expires Mon, 15 Jul 2019 15:04:50 GMT
GET H/1.1	200 OK	06.png pagamento.cf/pictures/	564 B 968 B	19ms 14ms	Image image/png	2606:4700:30::6812:2fd3 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://pagamento.cf/pictures/06.png Requested by Host: pagamento.cf URL: http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP Protocol HTTP/1.1 Security , , Server 2606:4700:30::6812:2fd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 973576ba6483c6c75d1d55339c1cac5d742abef700ede0903341ab222a2ee7c2 Request headers Referer http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 15 Jul 2019 11:04:50 GMT CF-Cache-Status HIT Last-Modified Sat, 14 Jan 2017 02:32:59 GMT Server cloudflare Age 225 ETag "234-54604c4caecc0" Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 4f6b42012a27beab-FRA Content-Length 564 Expires Mon, 15 Jul 2019 15:04:50 GMT
GET H/1.1	200 OK	04.png pagamento.cf/pictures/	45 KB 45 KB	25ms 20ms	Image image/png	2606:4700:30::6812:2fd3 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://pagamento.cf/pictures/04.png Requested by Host: pagamento.cf URL: http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP Protocol HTTP/1.1 Security , , Server 2606:4700:30::6812:2fd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 5b1ba27de53e11e2a80751ab9c56f7aaabf3279ee0c4b3e6208a29fd34b6c180 Request headers Referer http://pagamento.cf/index2.php?page=chorme.10,25,15KQHlG9hLlru2lk12FWzrHzgFslFzFK1HW94TfDTQEltWrjjT56yrywq1GRkgyygd3PPy5fuDSgE5FzWWQQWyFcd7uySB4R7lajsP User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 15 Jul 2019 11:04:50 GMT CF-Cache-Status HIT Last-Modified Sat, 14 Jan 2017 02:33:23 GMT Server cloudflare Age 225 ETag "b349-54604c63922c0" Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 4f6b42012d6e63a7-FRA Content-Length 45897 Expires Mon, 15 Jul 2019 15:04:50 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| validar_dados1 function| validar_dados2 function| validar_dados3 function| pulacampo function| SomenteNumero

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.pagamento.cf/	1970-01-19 10:58:44	Name: __cfduid Value: da958c439a2ac66dd132fcca8374d88ee1563188689

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pagamento.cf
2606:4700:30::6812:2fd3
5b1ba27de53e11e2a80751ab9c56f7aaabf3279ee0c4b3e6208a29fd34b6c180
8c841ad8edd8c940a5bdbce8f35f54a2276daa4ee67fa9edb75d607dd7167f57
973576ba6483c6c75d1d55339c1cac5d742abef700ede0903341ab222a2ee7c2
ac012672fbde51005e33556de5ea06dc805a2065b7cbe91bd8f275c3cd995d67
b68be0ce0f3911c70fe492eb16445c3f319eebb84b38131a4be8a383acf8f11d
c1fe4aa08586c1d95ad0b9f4a1e980a7be19c7c3f654cda993a158b52966bf33
e2e3f2c478b4bec41cf2f2dc9866643ffc7c314672ec00f71a241a38a944ac73