liberajaconsgnado.com
Open in
urlscan Pro
66.70.251.1
Malicious Activity!
Public Scan
Effective URL: https://liberajaconsgnado.com/
Submission: On April 03 via api from BR — Scanned from CA
Summary
TLS certificate: Issued by R3 on April 2nd 2024. Valid for: 3 months.
This is the only time liberajaconsgnado.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Caixa (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 66.70.251.1 66.70.251.1 | 16276 (OVH) (OVH) | |
4 | 151.101.193.229 151.101.193.229 | 54113 (FASTLY) (FASTLY) | |
3 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
17 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
liberajaconsgnado.com
liberajaconsgnado.com |
669 KB |
4 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 332 |
77 KB |
3 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 |
272 KB |
17 | 3 |
Domain | Requested by | |
---|---|---|
10 | liberajaconsgnado.com |
liberajaconsgnado.com
|
4 | cdn.jsdelivr.net |
liberajaconsgnado.com
|
3 | cdnjs.cloudflare.com |
liberajaconsgnado.com
cdnjs.cloudflare.com |
17 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
liberajaconsgnado.com R3 |
2024-04-02 - 2024-07-01 |
3 months | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3 |
2023-09-27 - 2024-10-28 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://liberajaconsgnado.com/
Frame ID: EA72DC6420F7C37954858599A0DB4BBA
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
Empréstimo Auxilio BrasilPage URL History Show full URLs
-
http://liberajaconsgnado.com/
HTTP 307
https://liberajaconsgnado.com/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
SweetAlert2 (JavaScript Libraries) Expand
Detected patterns
- <link[^>]+?href="[^"]+sweetalert2(?:\.min)?\.css
- sweetalert2(?:\.all)?(?:\.min)?\.js
- /npm/sweetalert2@([\d.]+)
jsDelivr (CDN) Expand
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://liberajaconsgnado.com/
HTTP 307
https://liberajaconsgnado.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
liberajaconsgnado.com/ Redirect Chain
|
11 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.css
liberajaconsgnado.com/assets/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/css/ |
227 KB 34 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/ |
100 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sweetalert2.min.css
cdn.jsdelivr.net/npm/sweetalert2@11.1.4/dist/ |
22 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aux_brasil.png
liberajaconsgnado.com/assets/images/ |
24 KB 24 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bolsa_familia_logo.png
liberajaconsgnado.com/assets/images/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8638314_whatsapp_compress.png
liberajaconsgnado.com/assets/images/ |
398 KB 399 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tutorial_1.png
liberajaconsgnado.com/assets/images/ |
210 KB 210 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
x-volume-positiva-54-v2.png
liberajaconsgnado.com/assets/images/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ic-acesso-informacao-54-v2.png
liberajaconsgnado.com/assets/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sweetalert2.min.js
cdn.jsdelivr.net/npm/sweetalert2@11.1.4/dist/ |
40 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/js/ |
79 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FuturaLT-Bold.woff
liberajaconsgnado.com/assets/assets/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/ |
147 KB 147 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/ |
105 KB 106 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
caixa_tem.png
liberajaconsgnado.com/assets/images/ |
9 KB 9 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Caixa (Government)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| disableSelection number| touchduration string| elemtype function| touchstart function| touchend function| blockUserIP function| logEvent function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal number| uidEvent object| bootstrap0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
liberajaconsgnado.com
104.17.24.14
151.101.193.229
66.70.251.1
16ee7f3d53462650bbd32e263c48c0ea759574fcf620c681ad719008912c461a
1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf
254035f46a1e99ce2bb3c0bf1a19658809e8351e2a9d5f7ebc57193ee0a4cbf0
311f1ab2729014aa567869f260192aa0de9283534efa405bd36d1b8d8f235270
5ba7b24088ced5ffe836b6ccb3256a298ae314fa39370d81660f900617f3519a
7043feefd690383b729f86945926407cce14e43448e21c345d0382a81a9789ef
714c76b566247379dbb72bc485b762433a0c5a19277f538bbb0daab84db031f7
7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880
748332090c4b8e20f95d0ff59f0be20fa9c889359d3b36d4b886d73376054207
8651eae74447f591887264b3e8d5407f67475149f8ef903840449e10f5e35604
9144b7effbff750a6bf238f1bcbb61e4648f7df0b17873126fa038aa7f633340
af3b21fef32af9e224f88c344c2a09554c5c5041e5a62f0dff96806ce8906995
b594b8d833ee6135c84734924c94bd83028fbfcfa98256c17cdb4950dbddc96e
c547741d4973888d9f430629a7c626a0dc36515ef33c7b4c8bc86a73a3360160
e85cdaba15e6c638d658318f887c0b9d19c6b7028f38624b51c4af16cee940d0
ea8fe021a4ace4f6786fecc418f70b658fc2dc02d136e8fe5c6ab6b62a46d5d0