Submitted URL: http://confirapass-acesso.site/
Effective URL: https://acordocorreto.com/chat2/?page=home&a=B65F18C1F72227C95065773F9B309317D1EDD897SECURED19145965DCAC33E1C126D9FA11FB31...
Submission Tags: suspect
Submission: On June 15 via api from BR — Scanned from DE

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 8 HTTP transactions. The main IP is 172.67.168.174, located in United States and belongs to CLOUDFLARENET, US. The main domain is acordocorreto.com.
TLS certificate: Issued by GTS CA 1P5 on May 24th 2024. Valid for: 3 months.
This is the only time acordocorreto.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
2 7 172.67.168.174 13335 (CLOUDFLAR...)
1 2a04:4e42:400... 54113 (FASTLY)
8 3
Apex Domain
Subdomains
Transfer
7 acordocorreto.com
acordocorreto.com
36 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 373
7 KB
1 confirapass-acesso.site
confirapass-acesso.site
464 B
8 3
Domain Requested by
7 acordocorreto.com 2 redirects acordocorreto.com
1 cdn.jsdelivr.net acordocorreto.com
1 confirapass-acesso.site 1 redirects
8 3

This site contains no links.

Subject Issuer Validity Valid
acordocorreto.com
GTS CA 1P5
2024-05-24 -
2024-08-22
3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3
2023-09-27 -
2024-10-28
a year crt.sh

This page contains 1 frames:

Primary Page: https://acordocorreto.com/chat2/?page=home&a=B65F18C1F72227C95065773F9B309317D1EDD897SECURED19145965DCAC33E1C126D9FA11FB3112B797D86ACCESS&b=C180B549596D79C924BC9DC333EA744DC111807ESECURE3C564597D1D2D35C4FEC6EC0D6E7E95A9D507C96ACCESS&c=B2B09B8D9FBC7939E566D05EC069CF51033CCD63SECURE90ACA094A68C432F2786A1A198B10BD2AF3B8E26ACCESS
Frame ID: 1FA105E82128D20BD2F4C0AB880AFBA4
Requests: 8 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://confirapass-acesso.site/ HTTP 307
    https://confirapass-acesso.site/ HTTP 302
    https://acordocorreto.com/funil/ HTTP 302
    https://acordocorreto.com/chat2/ HTTP 302
    https://acordocorreto.com/chat2/?page=home&a=B65F18C1F72227C95065773F9B309317D1EDD897SECURED19145965DC... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

8
Requests

75 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

42 kB
Transfer

90 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://confirapass-acesso.site/ HTTP 307
    https://confirapass-acesso.site/ HTTP 302
    https://acordocorreto.com/funil/ HTTP 302
    https://acordocorreto.com/chat2/ HTTP 302
    https://acordocorreto.com/chat2/?page=home&a=B65F18C1F72227C95065773F9B309317D1EDD897SECURED19145965DCAC33E1C126D9FA11FB3112B797D86ACCESS&b=C180B549596D79C924BC9DC333EA744DC111807ESECURE3C564597D1D2D35C4FEC6EC0D6E7E95A9D507C96ACCESS&c=B2B09B8D9FBC7939E566D05EC069CF51033CCD63SECURE90ACA094A68C432F2786A1A198B10BD2AF3B8E26ACCESS Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
acordocorreto.com/chat2/
Redirect Chain
  • http://confirapass-acesso.site/
  • https://confirapass-acesso.site/
  • https://acordocorreto.com/funil/
  • https://acordocorreto.com/chat2/
  • https://acordocorreto.com/chat2/?page=home&a=B65F18C1F72227C95065773F9B309317D1EDD897SECURED19145965DCAC33E1C126D9FA11FB3112B797D86ACCESS&b=C180B549596D79C924BC9DC333EA744DC111807ESECURE3C564597D1D...
50 KB
12 KB
Document
General
Full URL
https://acordocorreto.com/chat2/?page=home&a=B65F18C1F72227C95065773F9B309317D1EDD897SECURED19145965DCAC33E1C126D9FA11FB3112B797D86ACCESS&b=C180B549596D79C924BC9DC333EA744DC111807ESECURE3C564597D1D2D35C4FEC6EC0D6E7E95A9D507C96ACCESS&c=B2B09B8D9FBC7939E566D05EC069CF51033CCD63SECURE90ACA094A68C432F2786A1A198B10BD2AF3B8E26ACCESS
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.168.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a0c13fe21698f7cb8145c8d1982f4eaf805ba617deff55ba223b15313696287

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
referer
https://www.google.com

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
894614ab89ff365c-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 15 Jun 2024 22:43:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BMUELwF8J4T2vGkpTx8%2FPQV1l%2B1syfUj0h8TZbq1ruGgm%2F0JSVIkRxGkwkkJxkkO5vdgwbOHZC1gJ90ITFicplf9sAHZR3gu0xgXmR2NJxNv2YANUUCgZcxM6ZTpAJ658KrkGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
894614a7adbe365c-FRA
content-type
text/html; charset=UTF-8
date
Sat, 15 Jun 2024 22:43:44 GMT
location
?page=home&a=B65F18C1F72227C95065773F9B309317D1EDD897SECURED19145965DCAC33E1C126D9FA11FB3112B797D86ACCESS&b=C180B549596D79C924BC9DC333EA744DC111807ESECURE3C564597D1D2D35C4FEC6EC0D6E7E95A9D507C96ACCESS&c=B2B09B8D9FBC7939E566D05EC069CF51033CCD63SECURE90ACA094A68C432F2786A1A198B10BD2AF3B8E26ACCESS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Q8e8HOmw6QQeXmYPns84oMhffeGxzSu0prnU8gTpWo9yGJBNNnNvv8DTf%2Bmtj8gMJR80CUnWP%2BNh2odk59iVPOeRPv1yiC09pPoKUC7j7h5H7jE3ln5oh%2FaJ6k7xNIsV0W5aw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
disable-devtool@latest
cdn.jsdelivr.net/npm/
17 KB
7 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/disable-devtool@latest
Requested by
Host: acordocorreto.com
URL: https://acordocorreto.com/chat2/?page=home&a=B65F18C1F72227C95065773F9B309317D1EDD897SECURED19145965DCAC33E1C126D9FA11FB3112B797D86ACCESS&b=C180B549596D79C924BC9DC333EA744DC111807ESECURE3C564597D1D2D35C4FEC6EC0D6E7E95A9D507C96ACCESS&c=B2B09B8D9FBC7939E566D05EC069CF51033CCD63SECURE90ACA094A68C432F2786A1A198B10BD2AF3B8E26ACCESS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2a741550c18b132b0ef573f818fc79d6c09169be71d538b968ceac551c178ad3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.google.com
User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sat, 15 Jun 2024 22:43:45 GMT
x-content-type-options
nosniff
content-encoding
br
age
3271
x-jsd-version
0.3.7
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
6741
x-served-by
cache-fra-eddf8230031-FRA
x-jsd-version-type
version
etag
W/"4372-w4TGldenTh5CcrE/nVlC0PJNCZ0"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
serasa-logo.png
acordocorreto.com/chat2/images/
0
0

modal-close-74f0df029374a2c330a1b9c1073e5ef4.svg
acordocorreto.com/chat2/images/
842 B
935 B
Image
General
Full URL
https://acordocorreto.com/chat2/images/modal-close-74f0df029374a2c330a1b9c1073e5ef4.svg
Requested by
Host: acordocorreto.com
URL: https://acordocorreto.com/chat2/?page=home&a=B65F18C1F72227C95065773F9B309317D1EDD897SECURED19145965DCAC33E1C126D9FA11FB3112B797D86ACCESS&b=C180B549596D79C924BC9DC333EA744DC111807ESECURE3C564597D1D2D35C4FEC6EC0D6E7E95A9D507C96ACCESS&c=B2B09B8D9FBC7939E566D05EC069CF51033CCD63SECURE90ACA094A68C432F2786A1A198B10BD2AF3B8E26ACCESS
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.168.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.google.com
User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date
Sat, 15 Jun 2024 22:43:45 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 07 Mar 2024 18:54:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"34a-6131699742d40"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EofBhLSOJ%2BHRFRImrXjKhCQb%2FnRBeBPmzUhbLyoeKVrFWP1V6rD8CgmW8RVz%2BZ51fRqq%2BEgWxw13m64HIXUxMxBENaAOe9LCD6kBo%2F9iW9qJ6XYkx4JGfetOypFTrGRoIwXjHA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
894614af9dcb365c-FRA
alt-svc
h3=":443"; ma=86400
notiflix-aio-2.6.0.min.js.download
acordocorreto.com/chat2/main/
0
0
Script
General
Full URL
https://acordocorreto.com/chat2/main/notiflix-aio-2.6.0.min.js.download
Requested by
Host: acordocorreto.com
URL: https://acordocorreto.com/chat2/?page=home&a=B65F18C1F72227C95065773F9B309317D1EDD897SECURED19145965DCAC33E1C126D9FA11FB3112B797D86ACCESS&b=C180B549596D79C924BC9DC333EA744DC111807ESECURE3C564597D1D2D35C4FEC6EC0D6E7E95A9D507C96ACCESS&c=B2B09B8D9FBC7939E566D05EC069CF51033CCD63SECURE90ACA094A68C432F2786A1A198B10BD2AF3B8E26ACCESS
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.168.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.google.com
User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date
Sat, 15 Jun 2024 22:43:45 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qS1mrYBiDybMD2IJmyttpcunPT6KVuf%2BKVE7ClOznB4SJtQFN0CwGAyK5Ssyr%2BmJ6I1OUuf0865RqKoZ5n8TnYy6CxkW7AP%2BtDiq7oUYZveyzmPq%2BVjlWn1IpZdRgBiIpVhpbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cf-ray
894614af6d9c365c-FRA
alt-svc
h3=":443"; ma=86400
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
acordocorreto.com/chat2/fonts/
11 KB
11 KB
Font
General
Full URL
https://acordocorreto.com/chat2/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: acordocorreto.com
URL: https://acordocorreto.com/chat2/?page=home&a=B65F18C1F72227C95065773F9B309317D1EDD897SECURED19145965DCAC33E1C126D9FA11FB3112B797D86ACCESS&b=C180B549596D79C924BC9DC333EA744DC111807ESECURE3C564597D1D2D35C4FEC6EC0D6E7E95A9D507C96ACCESS&c=B2B09B8D9FBC7939E566D05EC069CF51033CCD63SECURE90ACA094A68C432F2786A1A198B10BD2AF3B8E26ACCESS
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.168.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

Request headers

Referer
https://www.google.com
Origin
https://acordocorreto.com
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date
Sat, 15 Jun 2024 22:43:45 GMT
cf-cache-status
MISS
last-modified
Thu, 07 Mar 2024 18:54:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"2b14-6131699836f80"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ST9GBjQjU2MO4wUscTTRBYhqB4JIHfTy3mS09Yib2B%2FXshoMIt2DwEhpz5lbJlcY1E4lu9hv8pCJnuvtqPYY%2F03BurUxCIsW2kGlOQ14JJGm6bSt7kdAYq2g9Styevl0jFtDA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
894614af9dd4365c-FRA
alt-svc
h3=":443"; ma=86400
content-length
11028
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
acordocorreto.com/chat2/fonts/
11 KB
11 KB
Font
General
Full URL
https://acordocorreto.com/chat2/fonts/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: acordocorreto.com
URL: https://acordocorreto.com/chat2/?page=home&a=B65F18C1F72227C95065773F9B309317D1EDD897SECURED19145965DCAC33E1C126D9FA11FB3112B797D86ACCESS&b=C180B549596D79C924BC9DC333EA744DC111807ESECURE3C564597D1D2D35C4FEC6EC0D6E7E95A9D507C96ACCESS&c=B2B09B8D9FBC7939E566D05EC069CF51033CCD63SECURE90ACA094A68C432F2786A1A198B10BD2AF3B8E26ACCESS
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.168.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

Request headers

Referer
https://www.google.com
Origin
https://acordocorreto.com
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date
Sat, 15 Jun 2024 22:43:45 GMT
cf-cache-status
MISS
last-modified
Thu, 07 Mar 2024 18:54:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"2b20-6131699742d40"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xCA5LaqXMCa8ZBKVm23snyCs%2Fd%2FkzNoGShpD4Et%2BdfcJFhkDGHkFF0dQ0G43%2BoH2iQgTr4KrWdXkOE6H2Jr2N1%2FHSqU69PdE%2FyD5g6gFsqJOQi1fAMHUTcA0nzQmm9izrUsNSw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
894614af9dd7365c-FRA
alt-svc
h3=":443"; ma=86400
content-length
11040
KFOmCnqEu92Fr1Me5g.woff
acordocorreto.com/chat2/fonts/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
acordocorreto.com
URL
https://acordocorreto.com/chat2/images/serasa-logo.png
Domain
acordocorreto.com
URL
https://acordocorreto.com/chat2/fonts/KFOmCnqEu92Fr1Me5g.woff

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence

0 Cookies

2 Console Messages

Source Level URL
Text
network error URL: https://acordocorreto.com/chat2/main/notiflix-aio-2.6.0.min.js.download
Message:
Failed to load resource: the server responded with a status of 404 ()
javascript warning URL: https://cdn.jsdelivr.net/npm/disable-devtool@latest
Message:
Scripts may close only the windows that were opened by them.