liberajaconsgnado.com Open in urlscan Pro
66.70.251.1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://liberajaconsgnado.com/
Effective URL:
https://liberajaconsgnado.com/
Submission: On April 03 via api (April 3rd 2024, 4:16:54 pm UTC) from BR — Scanned from CA

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 66.70.251.1, located in Canada and belongs to OVH, FR. The main domain is liberajaconsgnado.com.
TLS certificate: Issued by R3 on April 2nd 2024. Valid for: 3 months.

This is the only time liberajaconsgnado.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Caixa (Government)

Domain & IP information

	IP Address	AS Autonomous System
10	66.70.251.1 66.70.251.1	16276 (OVH) (OVH)
4	151.101.193.229 151.101.193.229	54113 (FASTLY) (FASTLY)
3	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	3

10 66.70.251.1 (Canada)

ASN16276 (OVH, FR)
PTR: ip1.ip-66-70-251.net

liberajaconsgnado.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.193.229 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	liberajaconsgnado.com liberajaconsgnado.com	669 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 332	77 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	272 KB
17	3

	Domain	Requested by
10	liberajaconsgnado.com	liberajaconsgnado.com
4	cdn.jsdelivr.net	liberajaconsgnado.com
3	cdnjs.cloudflare.com	liberajaconsgnado.com cdnjs.cloudflare.com
17	3

This site contains no links.

Subject Issuer	Validity	Valid
liberajaconsgnado.com R3	`2024-04-02` - `2024-07-01`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://liberajaconsgnado.com/
Frame ID: EA72DC6420F7C37954858599A0DB4BBA
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Empréstimo Auxilio Brasil

Page URL History Show full URLs

http://liberajaconsgnado.com/ HTTP 307
https://liberajaconsgnado.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+?href="[^"]+sweetalert2(?:\.min)?\.css
sweetalert2(?:\.all)?(?:\.min)?\.js
/npm/sweetalert2@([\d.]+)

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

1019 kB
Transfer

1397 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://liberajaconsgnado.com/ HTTP 307
https://liberajaconsgnado.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
liberajaconsgnado.com/
Redirect Chain

http://liberajaconsgnado.com/
https://liberajaconsgnado.com/

11 KB
4 KB

419ms
63ms

Document
text/html

66.70.251.1
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://liberajaconsgnado.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.70.251.1 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip1.ip-66-70-251.net
Software: nginx / PHP/8.2.17 PleskLin
Resource Hash: 9144b7effbff750a6bf238f1bcbb61e4648f7df0b17873126fa038aa7f633340

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: gzip
content-length: 3711
content-type: text/html; charset=UTF-8
date: Wed, 03 Apr 2024 16:16:49 GMT
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.2.17 PleskLin

Redirect headers

Location: https://liberajaconsgnado.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 index.css
liberajaconsgnado.com/assets/css/ 3 KB
1 KB 56ms
53ms Stylesheet
text/css 66.70.251.1
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://liberajaconsgnado.com/assets/css/index.css
Requested by: Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.70.251.1 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip1.ip-66-70-251.net
Software: nginx / PleskLin
Resource Hash: 7043feefd690383b729f86945926407cce14e43448e21c345d0382a81a9789ef

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 16:16:49 GMT
content-encoding: br
last-modified: Wed, 20 Mar 2024 23:25:39 GMT
server: nginx
etag: W/"65fb7073-d57"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/css/ 227 KB
34 KB 73ms
21ms Stylesheet
text/css 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/css/bootstrap.min.css

Requested by

Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

16ee7f3d53462650bbd32e263c48c0ea759574fcf620c681ad719008912c461a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/
Origin: https://liberajaconsgnado.com
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 03 Apr 2024 16:16:49 GMT
x-content-type-options: nosniff
content-encoding: br
age: 9396843
x-jsd-version: 5.3.0-alpha3
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 34794
x-served-by: cache-fra-eddf8230067-FRA, cache-yyz4532-YYZ
x-jsd-version-type: version
etag: W/"38cf3-SvPX4VpqOAxsurukLprfMwtJ1Y8"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/ 100 KB
19 KB 63ms
32ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css

Requested by

Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin: https://liberajaconsgnado.com
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 16:16:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1010071
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 18752
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6421d693-4940"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NnfV91vApeX1XVCwSCVjep%2F4PCzfC7726cigvlnLrEXW5YczEvqdlhQb2k0ytggjhOPAWJimZUsryewg0YWaZ8pJPQIyuRNSR6dz3jeTQPQ7eh347m%2BTA%2F6N3ajOp6X6T86nOa6s"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 86ea5d85ca7953ef-YYZ
expires: Mon, 24 Mar 2025 16:16:49 GMT

GET
H2 200 sweetalert2.min.css
cdn.jsdelivr.net/npm/sweetalert2@11.1.4/dist/ 22 KB
5 KB 79ms
20ms Stylesheet
text/css 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/sweetalert2@11.1.4/dist/sweetalert2.min.css

Requested by

Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b594b8d833ee6135c84734924c94bd83028fbfcfa98256c17cdb4950dbddc96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 03 Apr 2024 16:16:49 GMT
x-content-type-options: nosniff
content-encoding: br
age: 3155565
x-jsd-version: 11.1.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4543
x-served-by: cache-fra-etou8220120-FRA, cache-yyz4533-YYZ
x-jsd-version-type: version
etag: W/"58a2-XPxzoPU1bK3mp3tlYqyqsfPgWT4"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 aux_brasil.png
liberajaconsgnado.com/assets/images/ 24 KB
24 KB 90ms
88ms Image
image/png 66.70.251.1
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://liberajaconsgnado.com/assets/images/aux_brasil.png
Requested by: Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.70.251.1 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip1.ip-66-70-251.net
Software: nginx / PleskLin
Resource Hash: 714c76b566247379dbb72bc485b762433a0c5a19277f538bbb0daab84db031f7

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 16:16:49 GMT
last-modified: Wed, 20 Mar 2024 23:25:39 GMT
server: nginx
etag: "65fb7073-6157"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 24919

GET
H2 200 bolsa_familia_logo.png
liberajaconsgnado.com/assets/images/ 18 KB
18 KB 50ms
49ms Image
image/png 66.70.251.1
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://liberajaconsgnado.com/assets/images/bolsa_familia_logo.png
Requested by: Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.70.251.1 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip1.ip-66-70-251.net
Software: nginx / PleskLin
Resource Hash: c547741d4973888d9f430629a7c626a0dc36515ef33c7b4c8bc86a73a3360160

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 16:16:49 GMT
last-modified: Wed, 20 Mar 2024 23:25:39 GMT
server: nginx
etag: "65fb7073-47fd"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 18429

GET
H2 200 8638314_whatsapp_compress.png
liberajaconsgnado.com/assets/images/ 398 KB
399 KB 118ms
117ms Image
image/png 66.70.251.1
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://liberajaconsgnado.com/assets/images/8638314_whatsapp_compress.png
Requested by: Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.70.251.1 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip1.ip-66-70-251.net
Software: nginx / PleskLin
Resource Hash: e85cdaba15e6c638d658318f887c0b9d19c6b7028f38624b51c4af16cee940d0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 16:16:49 GMT
last-modified: Wed, 20 Mar 2024 23:25:39 GMT
server: nginx
etag: "65fb7073-63965"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 407909

GET
H2 200 tutorial_1.png
liberajaconsgnado.com/assets/images/ 210 KB
210 KB 117ms
116ms Image
image/png 66.70.251.1
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://liberajaconsgnado.com/assets/images/tutorial_1.png
Requested by: Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.70.251.1 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip1.ip-66-70-251.net
Software: nginx / PleskLin
Resource Hash: af3b21fef32af9e224f88c344c2a09554c5c5041e5a62f0dff96806ce8906995

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 16:16:49 GMT
last-modified: Wed, 20 Mar 2024 23:25:39 GMT
server: nginx
etag: "65fb7073-347d7"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 214999

GET
H2 200 x-volume-positiva-54-v2.png
liberajaconsgnado.com/assets/images/ 1 KB
1 KB 118ms
117ms Image
image/png 66.70.251.1
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://liberajaconsgnado.com/assets/images/x-volume-positiva-54-v2.png
Requested by: Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.70.251.1 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip1.ip-66-70-251.net
Software: nginx / PleskLin
Resource Hash: 311f1ab2729014aa567869f260192aa0de9283534efa405bd36d1b8d8f235270

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 16:16:49 GMT
last-modified: Wed, 20 Mar 2024 23:25:39 GMT
server: nginx
etag: "65fb7073-4a4"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 1188

GET
H2 200 ic-acesso-informacao-54-v2.png
liberajaconsgnado.com/assets/images/ 2 KB
2 KB 115ms
115ms Image
image/png 66.70.251.1
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://liberajaconsgnado.com/assets/images/ic-acesso-informacao-54-v2.png
Requested by: Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.70.251.1 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip1.ip-66-70-251.net
Software: nginx / PleskLin
Resource Hash: 8651eae74447f591887264b3e8d5407f67475149f8ef903840449e10f5e35604

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 16:16:49 GMT
last-modified: Wed, 20 Mar 2024 23:25:39 GMT
server: nginx
etag: "65fb7073-6ea"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 1770

GET
H2 200 sweetalert2.min.js Show response
cdn.jsdelivr.net/npm/sweetalert2@11.1.4/dist/ 40 KB
14 KB 64ms
21ms Script
application/javascript 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/sweetalert2@11.1.4/dist/sweetalert2.min.js

Requested by

Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

254035f46a1e99ce2bb3c0bf1a19658809e8351e2a9d5f7ebc57193ee0a4cbf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 03 Apr 2024 16:16:49 GMT
x-content-type-options: nosniff
content-encoding: br
age: 1958549
x-jsd-version: 11.1.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 14000
x-served-by: cache-fra-eddf8230023-FRA, cache-yyz4533-YYZ
x-jsd-version-type: version
etag: W/"a179-2mFwocqehtoTtDIUa1/rc2AMXuI"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/js/ 79 KB
25 KB 57ms
21ms Script
application/javascript 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/js/bootstrap.bundle.min.js

Requested by

Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ea8fe021a4ace4f6786fecc418f70b658fc2dc02d136e8fe5c6ab6b62a46d5d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/
Origin: https://liberajaconsgnado.com
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 03 Apr 2024 16:16:49 GMT
x-content-type-options: nosniff
content-encoding: br
age: 3504780
x-jsd-version: 5.3.0-alpha3
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24750
x-served-by: cache-fra-eddf8230059-FRA, cache-yyz4532-YYZ
x-jsd-version-type: version
etag: W/"13ac2-jNeXExg3GrPRY3nfbPslSlxkn8o"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 404 FuturaLT-Bold.woff
liberajaconsgnado.com/assets/assets/fonts/ 0
0 245ms
244ms Font
text/html 66.70.251.1
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://liberajaconsgnado.com/assets/assets/fonts/FuturaLT-Bold.woff
Requested by: Host: liberajaconsgnado.com
URL: https://liberajaconsgnado.com/assets/css/index.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.70.251.1 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip1.ip-66-70-251.net
Software: nginx /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/assets/css/index.css
Origin: https://liberajaconsgnado.com
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 16:16:49 GMT
content-encoding: br
last-modified: Wed, 27 Mar 2024 18:29:30 GMT
server: nginx
etag: W/"328-614a896639525"
content-type: text/html

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/ 147 KB
147 KB 30ms
30ms Font
application/octet-stream 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
Origin: https://liberajaconsgnado.com
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 16:16:49 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2929099
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 150124
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6421d693-24a6c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E5MxzSlIm8LV2n%2FW8wjbQBAIfz8AvDWRKg38Cgd4xjniBgB%2F09BBnMHCqaWGsZuyRiR8zLtW3BFidRqi2g%2BePnURLa%2BwQj%2FDQlo9DUVJf0inPZwpplDs4XFwFHAY6McVPb2PFKdD"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 86ea5d863b5e53ef-YYZ
expires: Mon, 24 Mar 2025 16:16:49 GMT

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/ 105 KB
106 KB 127ms
127ms Font
application/octet-stream 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

748332090c4b8e20f95d0ff59f0be20fa9c889359d3b36d4b886d73376054207

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
Origin: https://liberajaconsgnado.com
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 16:16:49 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1121918
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 108020
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6421d693-1a5f4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h8WhCiHh3%2Ba%2Bvhwic7f7mXW43NzyhOogc%2BKqTut5i6zzfFA4sX7lYVOVHJLmEWZfI%2BS4QeBNcZAETt6HdrTMiLv3F8mBtfGMlB5ez2b%2F9NRHwNodT3NGoha8HiyxWAidZ4rxK1tb"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 86ea5d863b6153ef-YYZ
expires: Mon, 24 Mar 2025 16:16:49 GMT

GET
H2 200 caixa_tem.png
liberajaconsgnado.com/assets/images/ 9 KB
9 KB 39ms
39ms Other
image/png 66.70.251.1
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://liberajaconsgnado.com/assets/images/caixa_tem.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 66.70.251.1 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip1.ip-66-70-251.net
Software: nginx / PleskLin
Resource Hash: 5ba7b24088ced5ffe836b6ccb3256a298ae314fa39370d81660f900617f3519a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://liberajaconsgnado.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 16:16:50 GMT
last-modified: Wed, 20 Mar 2024 23:25:39 GMT
server: nginx
etag: "65fb7073-2471"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 9329

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Caixa (Government)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://liberajaconsgnado.com/assets/assets/fonts/FuturaLT-Bold.woff Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
liberajaconsgnado.com
104.17.24.14
151.101.193.229
66.70.251.1
16ee7f3d53462650bbd32e263c48c0ea759574fcf620c681ad719008912c461a
1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf
254035f46a1e99ce2bb3c0bf1a19658809e8351e2a9d5f7ebc57193ee0a4cbf0
311f1ab2729014aa567869f260192aa0de9283534efa405bd36d1b8d8f235270
5ba7b24088ced5ffe836b6ccb3256a298ae314fa39370d81660f900617f3519a
7043feefd690383b729f86945926407cce14e43448e21c345d0382a81a9789ef
714c76b566247379dbb72bc485b762433a0c5a19277f538bbb0daab84db031f7
7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880
748332090c4b8e20f95d0ff59f0be20fa9c889359d3b36d4b886d73376054207
8651eae74447f591887264b3e8d5407f67475149f8ef903840449e10f5e35604
9144b7effbff750a6bf238f1bcbb61e4648f7df0b17873126fa038aa7f633340
af3b21fef32af9e224f88c344c2a09554c5c5041e5a62f0dff96806ce8906995
b594b8d833ee6135c84734924c94bd83028fbfcfa98256c17cdb4950dbddc96e
c547741d4973888d9f430629a7c626a0dc36515ef33c7b4c8bc86a73a3360160
e85cdaba15e6c638d658318f887c0b9d19c6b7028f38624b51c4af16cee940d0
ea8fe021a4ace4f6786fecc418f70b658fc2dc02d136e8fe5c6ab6b62a46d5d0

liberajaconsgnado.com Open in urlscan Pro 66.70.251.1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

1019 kBTransfer

1397 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

liberajaconsgnado.com Open in urlscan Pro
66.70.251.1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

1019 kB
Transfer

1397 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!