credito-seguro.buider-sys.pro
Open in
urlscan Pro
2a02:4780:13:987:0:178e:e7db:f
Malicious Activity!
Public Scan
Submission: On April 14 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by R3 on April 14th 2024. Valid for: 3 months.
This is the only time credito-seguro.buider-sys.pro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Caixa (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 2a02:4780:13:... 2a02:4780:13:987:0:178e:e7db:f | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
8 | 89.117.7.198 89.117.7.198 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
2 | 2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
20 | 6 |
ASN47583 (AS-HOSTINGER, CY)
credito-seguro.buider-sys.pro |
ASN32934 (FACEBOOK, US)
connect.facebook.net |
ASN32934 (FACEBOOK, US)
www.facebook.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
buider-sys.pro
credito-seguro.buider-sys.pro |
686 KB |
2 |
facebook.net
connect.facebook.net — Cisco Umbrella Rank: 183 |
70 KB |
1 |
userstatics.com
userstatics.com — Cisco Umbrella Rank: 78042 |
645 B |
1 |
facebook.com
www.facebook.com — Cisco Umbrella Rank: 97 |
274 B |
0 |
liberarnovasolicitacao.online
Failed
liberarnovasolicitacao.online Failed |
|
20 | 5 |
Domain | Requested by | |
---|---|---|
15 | credito-seguro.buider-sys.pro |
credito-seguro.buider-sys.pro
|
2 | connect.facebook.net |
credito-seguro.buider-sys.pro
connect.facebook.net |
1 | userstatics.com |
credito-seguro.buider-sys.pro
|
1 | www.facebook.com |
credito-seguro.buider-sys.pro
|
0 | liberarnovasolicitacao.online Failed | |
20 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
credito-seguro.buider-sys.pro R3 |
2024-04-14 - 2024-07-13 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2024-01-23 - 2024-04-22 |
3 months | crt.sh |
userstatics.com E1 |
2024-03-28 - 2024-06-26 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://credito-seguro.buider-sys.pro/
Frame ID: FD7936FB86506509157D7BFDE25E0B4D
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
Empréstimo Auxilio BrasilDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Facebook (Widgets) Expand
Detected patterns
- //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
SweetAlert2 (JavaScript Libraries) Expand
Detected patterns
- <link[^>]+?href="[^"]+sweetalert2(?:\.min)?\.css
- sweetalert2(?:\.all)?(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
credito-seguro.buider-sys.pro/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.css
credito-seguro.buider-sys.pro/src/assets/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
credito-seguro.buider-sys.pro/src/assets/css/ |
227 KB 27 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
credito-seguro.buider-sys.pro/src/assets/css/ |
122 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sweetalert2.min.css
credito-seguro.buider-sys.pro/src/assets/css/ |
22 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aux_brasil.png
credito-seguro.buider-sys.pro/src/assets/imgs/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bolsa_familia_logo.png
credito-seguro.buider-sys.pro/src/assets/imgs/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
8638314_whatsapp_compress.png
credito-seguro.buider-sys.pro/src/assets/imgs/ |
270 KB 271 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
tutorial_1.png
credito-seguro.buider-sys.pro/src/assets/imgs/ |
50 KB 50 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
x-volume-positiva-54-v2.png
credito-seguro.buider-sys.pro/src/assets/imgs/ |
982 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ic-acesso-informacao-54-v2.png
credito-seguro.buider-sys.pro/src/assets/imgs/ |
960 B 1009 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sweetalert2.min.js
credito-seguro.buider-sys.pro/src/assets/js/ |
40 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.bundle.min.js
credito-seguro.buider-sys.pro/src/assets/js/ |
79 KB 22 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fbevents.js
connect.facebook.net/en_US/ |
218 KB 59 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-solid-900.woff2
credito-seguro.buider-sys.pro/src/assets/fonts/ |
147 KB 147 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-brands-400.woff2
credito-seguro.buider-sys.pro/src/assets/fonts/ |
105 KB 106 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
607478584510967
connect.facebook.net/signals/config/ |
56 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.facebook.com/tr/ |
0 274 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
caixa_tem.png
liberarnovasolicitacao.online/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
script.js
userstatics.com/get/ |
133 B 645 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- liberarnovasolicitacao.online
- URL
- https://liberarnovasolicitacao.online/images/caixa_tem.png
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Caixa (Government)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| fbq function| _fbq function| deleteAllCookies object| aceitarContratoBtn function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal number| uidEvent object| bootstrap1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.buider-sys.pro/ | Name: _fbp Value: fb.1.1713136384265.1033558535 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
connect.facebook.net
credito-seguro.buider-sys.pro
liberarnovasolicitacao.online
userstatics.com
www.facebook.com
liberarnovasolicitacao.online
188.114.97.3
2a02:4780:13:987:0:178e:e7db:f
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
89.117.7.198
0bc556b39c65201bd4bc63f0062e428580e31c03d046fb58a2c5602adc5019d2
16ee7f3d53462650bbd32e263c48c0ea759574fcf620c681ad719008912c461a
254035f46a1e99ce2bb3c0bf1a19658809e8351e2a9d5f7ebc57193ee0a4cbf0
259ebfc91f8d7fdf857a0311eaa4a1f3d27576df41ece7321e4272e618a44852
32265765678fc213b95bf6c82a82616511dc12967f67f896dda6df7fd820d592
34ed364796a0991f553ef8cf815f8031a1dbe7eca0bd210ca25ed63c90647170
48edea14e367dd808b0674fa4ef0cb96e87679e717f95d37d454ff27bd2d20fe
67ade3dc20f9edc0bff12ea49f18f9579c58bd5e73ef63806cd778d1c2c05d76
7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880
748332090c4b8e20f95d0ff59f0be20fa9c889359d3b36d4b886d73376054207
88edfd7d301e4c23f8aa5f0d31302620e16414a90a328fa0513f786efdcc2fb7
9647d991e8f6c774daafdf26e34b0de49d1443cba8d763c67888987f993887d6
a23bc241647e57f561aef14b09c3e9c6ea14caf2358278cc725eeb179b303ea3
b594b8d833ee6135c84734924c94bd83028fbfcfa98256c17cdb4950dbddc96e
bda2cf571d7ea45f68afcdc87f968090dbf4bbdec2c7d6d19ce591b3980c296f
df22f350b3aa8616d1717e2125575073d29ac5ed8886139b855a08ec8c657300
df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fc3ce1c3377cbb38f54381f81ab7b58399441ab228b2c9698ace80f69f6e08e2