20.163.2.158 Open in urlscan Pro
20.163.2.158 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM
Submission: On March 17 via manual (March 17th 2023, 11:41:28 am UTC) from BR — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 6 domains to perform 12 HTTP transactions. The main IP is 20.163.2.158, located in Phoenix, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is 20.163.2.158.

This is the only time 20.163.2.158 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sistema de Cooperativas de Crédito – Ailos (Financial)

Domain & IP information

	IP Address	AS Autonomous System
3	20.163.2.158 20.163.2.158	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.225.21.44 13.225.21.44	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	8

3 20.163.2.158 (Phoenix, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

20.163.2.158	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.21.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-21-44.bru50.r.cloudfront.net

js.pusher.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

pro.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	gstatic.com fonts.gstatic.com	91 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	4 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34 ajax.googleapis.com — Cisco Umbrella Rank: 305	32 KB
1	fontawesome.com pro.fontawesome.com — Cisco Umbrella Rank: 4831	29 KB
1	pusher.com js.pusher.com — Cisco Umbrella Rank: 13609	19 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 337	19 KB
12	6

	Domain	Requested by
2	fonts.gstatic.com	fonts.googleapis.com
2	cdnjs.cloudflare.com	20.163.2.158
1	pro.fontawesome.com	20.163.2.158
1	js.pusher.com	20.163.2.158
1	cdn.jsdelivr.net	20.163.2.158
1	ajax.googleapis.com	20.163.2.158
1	fonts.googleapis.com	20.163.2.158
12	7

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
js.pusher.com Amazon RSA 2048 M01	`2023-02-22` - `2023-06-11`	4 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM
Frame ID: 3B1A05FDCCA99A852655E485AAF7E007
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

VIACREDI | Conta Online

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/npm/sweetalert2@([\d.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

12
Requests

67 %
HTTPS

71 %
IPv6

6
Domains

7
Subdomains

8
IPs

2
Countries

800 kB
Transfer

1793 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

http://cdn.jsdelivr.net/npm/sweetalert2@11 HTTP 307
https://cdn.jsdelivr.net/npm/sweetalert2@11

12 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
20.163.2.158/pt=343493489sAKJAKDKDKD/ 1 MB
476 KB 681ms
542ms Document
text/html 20.163.2.158
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM
Protocol: HTTP/1.1
Server: 20.163.2.158 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: 3cf132fa631d407241b8b27cb32bf7661939e2ec7e4b23126a2655118f2f63aa

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 17 Mar 2023 11:41:22 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 css2
fonts.googleapis.com/ 33 KB
2 KB 134ms
50ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap

Requested by

Host: 20.163.2.158
URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

66988964c9a8d6e5e907e3311e688958d3445e2f8496a56c5a7806e333cf237d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://20.163.2.158/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Mar 2023 11:41:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 Mar 2023 10:57:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Mar 2023 11:41:23 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 667a7904015e8a7f8efad8c0af3106d275a261adde9de7e801416ecc2fc5a41f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://20.163.2.158/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.1/ 88 KB
31 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js

Requested by

Host: 20.163.2.158
URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://20.163.2.158/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 15:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 160449
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31100
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 18:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 15:07:14 GMT

GET
H2 200 jquery.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/ 1 KB
1 KB 30ms
13ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js

Requested by

Host: 20.163.2.158
URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://20.163.2.158/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 11:41:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 377427
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 591
last-modified: Mon, 04 May 2020 16:11:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec1-514"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mm0DEI%2FzsmvZLBgnZgbMc6dwRKHfwvhwkM5%2FUQ%2FY2xlI3a%2BiWoqCRiY0jc3HlOtRIwnCTnBGrnhjtBrR4vYOiIVm9ezHQRb029wXfjUcw%2B77XJAt3lB9BhHUnrubR1TAoYa2jH3QHNywmFNOiFaUM0Gk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7a94f76f3bf19c04-FRA
expires: Wed, 06 Mar 2024 11:41:23 GMT

GET
H/1.1 404
Not Found functions.js
20.163.2.158/pt=343493489sAKJAKDKDKD/js/ 0
0 182ms
181ms Script
text/html 20.163.2.158
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/js/functions.js?t=6382a6dc21c08
Requested by: Host: 20.163.2.158
URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM
Protocol: HTTP/1.1
Server: 20.163.2.158 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Fri, 17 Mar 2023 11:41:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 274
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 jquery.mask.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.11.2/ 6 KB
3 KB 31ms
14ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.11.2/jquery.mask.min.js

Requested by

Host: 20.163.2.158
URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a17f2e9528214109ad7194958c1c3ba5367166dc7163f630d5c02c04a7623ef6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://20.163.2.158/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 11:41:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 5283558
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2243
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-16bb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SP%2B%2BTTAtN1blabC7MaP6oPDhD%2FxHH7tNlAm64y8x%2BcXZpuX3BfD9O53fiHaTbYlMGqWtBWpjSsybKDciVWuwbkLsq7guze50REcFcAoVkH6DYOycJYB2ApzP2F4cV3DvNNdPAJWjLJWPz6aSUlv10Wka"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7a94f76f3bf29c04-FRA
expires: Wed, 06 Mar 2024 11:41:23 GMT

GET
H/1.1 200
OK main.js Show response
20.163.2.158/pt=343493489sAKJAKDKDKD/js/ 1 KB
1005 B 319ms
181ms Script
application/javascript 20.163.2.158
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/js/main.js?t=6382a6dc21c0d
Requested by: Host: 20.163.2.158
URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM
Protocol: HTTP/1.1
Server: 20.163.2.158 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: df390ea151dd765b560d526a8cefac8566dace928791a614b84a0d7af8d277d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Fri, 17 Mar 2023 11:41:23 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Dec 2022 19:31:34 GMT
Server: Apache/2.4.29 (Ubuntu)
ETag: "581-5ef5615b59180-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 655

GET
H2

200

sweetalert2@11 Show response
cdn.jsdelivr.net/npm/
Redirect Chain

http://cdn.jsdelivr.net/npm/sweetalert2@11
https://cdn.jsdelivr.net/npm/sweetalert2@11

63 KB
19 KB

35ms
18ms

Script
application/javascript

2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/sweetalert2@11

Requested by

Host: 20.163.2.158
URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM

Protocol

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b741437f08ff5a83072016e615fb8eb59bf5c2d03defb4027ec151de9d4ae0da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://20.163.2.158/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 11:41:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 36052
x-jsd-version: 11.7.3
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230029-FRA, cache-bma1677-BMA
x-jsd-version-type: version
server: cloudflare
etag: W/"fb54-2L7bOYXVT4xM2BDJlwfWdfStbCc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVdAJ0eT5ABhMc4qe0Abek7DQzS1UM8w7YGCZcINMPxB3UpBjtZQzFvkPM7whumw9H42W0I6KQzx42Em31fY5vGLxmDFBQzAmsarl4w5quMQFjCun8saytqEI3QDi7pExHDazWEUvV7eJaRNUW4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7a94f76f3afb3a66-FRA

Redirect headers

Location: https://cdn.jsdelivr.net/npm/sweetalert2@11
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2 200 pusher.min.js Show response
js.pusher.com/7.2/ 69 KB
19 KB 124ms
21ms Script
application/javascript 13.225.21.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.pusher.com/7.2/pusher.min.js
Requested by: Host: 20.163.2.158
URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.21.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-21-44.bru50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b39f0b274992d4d7c19b5ce5b56e9020dd1666ad1ee7fc4a378d26679efc6029

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://20.163.2.158/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 03:20:15 GMT
content-encoding: gzip
via: 1.1 60e71fe7e3db53eea86ce8b59ae62a6a.cloudfront.net (CloudFront)
last-modified: Fri, 15 Jul 2022 13:45:32 GMT
server: AmazonS3
x-amz-cf-pop: BRU50-C1
age: 894069
etag: W/"99f7f95a02d32c6b8587afa7e7440d3f"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=2592000
x-amz-cf-id: Tqpl8YwmrpuDIYulfgN1K5dMqDpXuA_QeVX9G4-kUeCWFkDDzIzdOA==

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: edbd02f128e1b69fc350b2d2ff357992c3e00bf1fef2b3ae973318de36741cde

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://20.163.2.158/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 117 KB
117 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9522727eadd961fb2b15008598abb99dd9216c38d1700eb37ebfc26b393d56e

Request headers

Referer: http://20.163.2.158/
Origin: http://20.163.2.158
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 122ms
38ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://20.163.2.158
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 05:05:33 GMT
x-content-type-options: nosniff
age: 110150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 05:05:33 GMT

GET
DATA 200
OK truncated
/ 13 KB
13 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8701b2ed392e823f8a35712a45a94e733685cf8a5b7afb6906f7cbdddec950a5

Request headers

Referer: http://20.163.2.158/
Origin: http://20.163.2.158
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v34/ 47 KB
47 KB 171ms
91ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84161c46238fff2c6920ebc28f02cddd7b710cf3d1107853f540b084320f6afd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://20.163.2.158
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 17:32:46 GMT
x-content-type-options: nosniff
age: 583717
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47952
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:22:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Mar 2024 17:32:46 GMT

GET
H2 200 all.css
pro.fontawesome.com/releases/v5.10.0/css/ 153 KB
29 KB 66ms
29ms Stylesheet
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.fontawesome.com/releases/v5.10.0/css/all.css
Requested by: Host: 20.163.2.158
URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/?kp=GyKTSvlQpnTvWGFhEjkaxYtSCPkxSpvphJaZftsQSJePyfWqbZAKqMxmlCAM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://20.163.2.158/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 11:41:24 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 28 Jun 2021 16:54:32 GMT
server: cloudflare
x-amz-request-id: VHH30V7FJ7GJZS97
age: 14224715
etag: W/"aa1272633e7e552395d147a499bad186"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31556926
cf-ray: 7a94f7716dbb9bb2-FRA
x-amz-id-2: R8LTEJgP+ykLb6FwSi8ubFYw8pTfOE3gaSpGPud2ocA2CcC/jUTjaCYku7v06KF54amppvYwepQ=

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sistema de Cooperativas de Crédito – Ailos (Financial)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://20.163.2.158/pt=343493489sAKJAKDKDKD/js/functions.js?t=6382a6dc21c08 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
js.pusher.com
pro.fontawesome.com
13.225.21.44
20.163.2.158
2606:4700::6810:5914
2606:4700::6811:180e
2606:4700::6812:1734
2a00:1450:4001:80f::2003
2a00:1450:4001:813::200a
2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec
3cf132fa631d407241b8b27cb32bf7661939e2ec7e4b23126a2655118f2f63aa
667a7904015e8a7f8efad8c0af3106d275a261adde9de7e801416ecc2fc5a41f
66988964c9a8d6e5e907e3311e688958d3445e2f8496a56c5a7806e333cf237d
84161c46238fff2c6920ebc28f02cddd7b710cf3d1107853f540b084320f6afd
8701b2ed392e823f8a35712a45a94e733685cf8a5b7afb6906f7cbdddec950a5
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
a17f2e9528214109ad7194958c1c3ba5367166dc7163f630d5c02c04a7623ef6
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
b39f0b274992d4d7c19b5ce5b56e9020dd1666ad1ee7fc4a378d26679efc6029
b741437f08ff5a83072016e615fb8eb59bf5c2d03defb4027ec151de9d4ae0da
d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6
df390ea151dd765b560d526a8cefac8566dace928791a614b84a0d7af8d277d7
e9522727eadd961fb2b15008598abb99dd9216c38d1700eb37ebfc26b393d56e
edbd02f128e1b69fc350b2d2ff357992c3e00bf1fef2b3ae973318de36741cde

20.163.2.158 Open in urlscan Pro 20.163.2.158 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

67 %HTTPS

71 %IPv6

6 Domains

7 Subdomains

8 IPs

2 Countries

800 kBTransfer

1793 kBSize

0 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

21 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

20.163.2.158 Open in urlscan Pro
20.163.2.158 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

67 %
HTTPS

71 %
IPv6

6
Domains

7
Subdomains

8
IPs

2
Countries

800 kB
Transfer

1793 kB
Size

0
Cookies

12 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!