sábado, 2 de maio de 2026

Golpe : GOVBR INFORMA: SEU VALOR DO INSS ATUALIZOU, CLIQUE ABAIXO E SIMULE GRATIS


Dono do Golpe: +55 (71)3180-3584 (CREDPARCEIRO Assessoria)
Golpe : phishing 
Link da armadilha: https://kmya.to/pSnYSWh


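Estrutura do phishing (cabeçalhos de resposta HTTP da cadeia de redirecionamentos; o link encurtado leva a uma conversa no WhatsApp com o número acima):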

date: Sun, 26 Apr 2026 01:18:04 GMT
content-type: text/html; charset=utf-8
location: https://wa.me/557131803584?text=%28mar%29+Oi%2C+recebi+o+SMS+e+quero+saber+o+valor+disponivel+para+liberacao+hoje.+Meu+telefone%3A ( telefone da vítima)
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InBoUUdTS1liMnFZcmZBNmZlMlJXQnc9PSIsInZhbHVlIjoic1R0VS9pekJ4Z3FYTlBXUnprSjZoRytjSFBTRlJsRVZHYVRpSXNvRFp3bUp4VkdJbTVpU1FsUEI4RXFhZ0JmV0hOKzJqU25RcytUUEZNanB1VkFNdmw0bklFcHRxbkRuMnJCWEdVU1lvUkxOZjR3YkM1d05PZ0xZQUduWkxQQmoiLCJtYWMiOiIzYzdkMjZlYzZkNmI4ZTRlOTk1MmExMzY4ZWExMTQyZjE3OTQ3NjM3ODA2YWQzMGNmMTkwNmJhNTA3MGJkOGM2IiwidGFnIjoiIn0%3D; expires=Sun, 26-Apr-2026 03:18:04 GMT; Max-Age=7200; path=/; secure; SameSite=lax
set-cookie: kolmeya_shortener_session=eyJpdiI6IjdqTTNYVkZCNUNhMmlGait6OXlMM1E9PSIsInZhbHVlIjoiYTJZUlFRZVVaU1NQN0REVXJZTUtoNkY4M0JmdVdaUElydU5EM28xT0hrSVBWazVJd1l6Ny9UNS9pNm5CMGh1aHp4Vmt2VC9jbHZVbGtMb0FmQ0cydktCeWRGWGpBUDdsbjJiSGRTVUJQUFdZclVzb2hsUEtqSnRGLzhmL1BNMFoiLCJtYWMiOiI4YmMwOTE4Yzc3OWVkMmNlYjRkZmMzZDkyY2Y5ZTg2YjA0ODdhYTU3OTdjMmQ4MDQ2NzVhMzY0YzdkMGYxMjhlIiwidGFnIjoiIn0%3D; expires=Sun, 26-Apr-2026 03:18:04 GMT; Max-Age=7200; path=/; secure; HttpOnly; SameSite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff

HTTP/2 302 
vary: Accept-Encoding
location: https://api.whatsapp.com/send/?phone=557131803584&text=%28mar%29+Oi%2C+recebi+o+SMS+e+quero+saber+o+valor+disponivel+para+liberacao+hoje.+Meu+telefone%3A ( telefone da vítima)&type=phone_number&app_absent=0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-frame-options: DENY
content-security-policy: default-src 'self' blob: *.whatsapp.net *.whatsapp.com *.fbcdn.net *.facebook.com *.facebook.net;script-src *.whatsapp.com *.whatsapp.net *.facebook.com *.facebook.net 'nonce-80NufltT' 'self' blob: *.fbcdn.net;style-src *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com 'self' blob: *.fbcdn.net *.facebook.net;connect-src *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net 'self' data: blob:;font-src *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net 'self' data: blob:;img-src *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net 'self' data: blob:;media-src *.fbcdn.net 'self' data: blob:;child-src 'self' data: blob:;frame-src *.facebook.com *.whatsapp.com 'self' blob: whatsapp:;manifest-src 'self' data: blob:;object-src 'self' data: blob:;worker-src *.whatsapp.com *.whatsapp.net *.facebook.com *.facebook.net 'nonce-80NufltT' 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
document-policy: force-load-at-top
document-policy: include-js-call-stacks-in-crash-reports
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
origin-agent-cluster: ?1
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: text/html; charset="utf-8"
x-fb-debug: zZiiPbUvlmp4ZHjfWHQBW/ajVjdaT/9kfA1WD/RADC5lY0ZlIF1IYWUrCnk1FmFDJ0Q5CWirLvppsyA4KpkUUg==
content-length: 0
date: Sun, 26 Apr 2026 01:18:10 GMT
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=4, rtx=0, c=17, mss=1380, tbw=4601, tp=-1, tpl=-1, uplat=138, ullat=0
alt-svc: h3=":443"; ma=86400

HTTP/2 200 
vary: Accept-Encoding
set-cookie: wa_lang_pref=pt_br; expires=Sun, 03-May-2026 01:18:15 GMT; Max-Age=604800; path=/; domain=.whatsapp.com; secure; SameSite=Lax
set-cookie: wa_ul=8950327e-238d-4a36-88a5-5288abc63d14; expires=Sat, 25-Jul-2026 01:18:15 GMT; Max-Age=7776000; path=/send; domain=.api.whatsapp.com; secure; httponly; SameSite=Lax
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown&brsid=7632871118697670975&cpp=C3&cv=1038162681&st=1777166295670", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown&brsid=7632871118697670975&cpp=C3&cv=1038162681&st=1777166295670"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}
content-security-policy: default-src 'self' blob:;script-src 'nonce-upurrDea' *.facebook.com *.fbcdn.net *.whatsapp.com *.whatsapp.net https://*.facebook.net 'self' blob:;style-src 'self' 'unsafe-inline' https://static.whatsapp.net data: blob:;connect-src 'self' https://*.whatsapp.com data: blob:;font-src https://*.fbcdn.net https://static.whatsapp.net data:;img-src https://*.fbcdn.net https://*.whatsapp.net 'self' data: blob:;media-src 'self' data: blob:;child-src 'self' data: blob:;frame-src whatsapp: 'self' data: blob:;manifest-src 'self' data: blob:;object-src 'self' data: blob:;worker-src 'nonce-upurrDea' *.facebook.com *.fbcdn.net *.whatsapp.com *.whatsapp.net https://*.facebook.net 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy: frame-ancestors https://*.whatsapp.com https://whatsapp.com;
document-policy: include-js-call-stacks-in-crash-reports
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
origin-agent-cluster: ?1
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: text/html; charset="utf-8"
x-fb-debug: I+gH7EtKtAkKkBy0PFhIlWVIs+YHafYTop0Ta5Lt1spAwK3OoTCeqbXpt2qotYHypsIiqwyhcGkyCm4beG+SFA==
date: Sun, 26 Apr 2026 01:18:15 GMT
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=3, rtx=0, c=17, mss=1380, tbw=4602, tp=-1, tpl=-1, uplat=339, ullat=0
alt-svc: h3=":443"; ma=86400.






Malware: Bee Viral


Email do ataque: engagementY2VqdmhzVVVTeFB5MUlPYXl1ckZTdz09@beeviral-mail1.com.br
indique@beeviral-mail1.com.br


Link do phishing:https://u27112597.ct.sendgrid.net/ls/click?upn=u001.o3NbMlaZb9gxKeA2wq0DnFNDGMsLOofqA-2Fvzgw0VZQcMdxrueLd-2BAeU6-2BZxyglalPRyuONgwLO3O6Mf9Nh59pUONU9gUF0TqZwMQeKbTCMOarjZPsTIQprMK1oTiC9ZMJFERzXUI7krt7st68Iz5o2dZK7WC5q2vnBG1YLL9TBLekH6r7TO-2Fr-2BDp7PcJ4RhATa-2BpaAvU-2FJqMt-2BmF2EkSrwSitAHPiENcptrbpf74n-2F8-3DTU8m_Od-2B-2FOH59clLKCpt2gRyyuPmE8SZg-2B2YXU-2BTpfDSHijKuTiK-2B17-2F8zz8xhc6gRBlru9Dn4664-2F7Xx0PsViJi-2FvTMewDQZ7OTS6gJp17AlzQJh4inrFm-2BnusEuLjDB1OidQw71FQ-2FQn-2F90tjFkvSx0cueupMk4K87-2Fb5a4aN0k7GGS03Y-2B8bYDZeko3-2FGKypfYrXYw-2BfsfwaRaBudpxg-2BBamPwkjB8d87CN5Uq8RM92-2Fhyevoj1j-2BUlMVrXkdmXlQiLRcTv73Edfn005Fcq47VBw-3D-3D


Estrutura do phishing:
Server: nginx
Date: Fri, 01 May 2026 15:30:34 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Location: https://account.beeviral.app/App/MinhasIndicacoes?bvid=kOLjf57T4iB2xU6DLLRZtCgMF546NS*ZvK1IFmnD0NI=&utm_campaign=website&utm_medium=email&utm_source=sendgrid.com
X-Robots-Tag: noindex, nofollow

HTTP/2 200 
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 21153
content-type: text/html; charset=utf-8
expires: -1
p3p: CP="ALL IDC IND NOR PDSa PSAa PHY ONL CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
x-frame-options: SAMEORIGIN
set-cookie: version=2.0.0.76; expires=Thu, 01-May-2031 15:30:35 GMT; path=/; secure; HttpOnly; SameSite=none; Secure
set-cookie: __RequestVerificationToken=4891CHia0gyEAQ7wDxWbJ84y0PvguTq1iXQd7CDj6z0-QmnMt0vwrzcsZC922VXzSNl6rYgYXXVjQfjUbX-n8dPuvONbUStVi7cPDrx-g2Y1; path=/; secure; HttpOnly; SameSite=none; Secure
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
content-security-policy: worker-src 'self' blob:;child-src 'self' *.carsystem.com *.beeviral.app *.beeviral.com.br *.facebook.com *.facebook.net *.googletagmanager.com *.firebaseapp.com *.gstatic.com *.google.com *.digisac.app https://minhasindicacoes.com https://minhasindicacoes.beeviral.com.br https://minhasindicacoes-uat.beeviral.com.br https://apph.carsystem.com; frame-src * 'self' *.carsystem.com *.gstatic.com *.google.com *.beeviral.app *.beeviral.com.br *.digisac.app https://minhasindicacoes.com https://minhasindicacoes.beeviral.com.br https://minhasindicacoes-uat.beeviral.com.br https://www.beeviral.com.br https://apph.carsystem.com; frame-ancestors 'self' * *.carsystem.com *.gstatic.com *.google.com *.digisac.app https://minhasindicacoes.com https://minhasindicacoes.beeviral.com.br https://minhasindicacoes-uat.beeviral.com.br https://editor.unlayer.com https://account.beeviral.app https://*.beeviral.app https://*.beeviral.com.br https://www.beeviral.com.br https://bi.beeviral.com.br https://apph.carsystem.com X-Frame-Options: SAMEORIGIN
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=31536000; includeSubDomains
feature-policy: accelerometer 'none'; gyroscope 'none'; magnetometer 'none'; usb 'none'
permissions-policy: clipboard-write=(self), geolocation=(self), fullscreen=(self), payment=(self), bluetooth=(), web-share=(self)
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Fri, 01 May 2026 15:30:34 GMT

Alvo: Servidores de e-mail de alunos e funcionários da faculdade Cruzeiro do Sul.

Descrição: Identifiquei uma atividade anômala de disparos de e-mail (Spam) atingindo os servidores da instituição.

Evidências Técnicas:
Origem: Domínio beeviral-mail1.com.br (Registrado por Ascent Serviços LTDA, CNPJ 04.495.203/0001-57).
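Servidor de Envio: Microsoft/Outlook (MX: mail.protection.outlook.com). Observação: o registro MX indica onde o domínio recebe e-mail, não de onde ele envia; o servidor de envio real deve ser confirmado nos cabeçalhos Received e Authentication-Results da mensagem, e o link de rastreamento acima passa por ct.sendgrid.net.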

Comportamento: O domínio não possui apontamento para site (Registro A), servindo apenas como infraestrutura de disparo.


domain: beeviral-mail1.com.br
owner: Ascent Servicos LTDA
ownerid: 04.495.203/0001-57
responsible: Marcelo Pereira Silva
country: BR
owner-c: ASSLT32
tech-c: ASSLT32
nserver: d.sec.dns.br
nsstat: 20260430 AA
nslastaa: 20260430
nserver: e.sec.dns.br
nsstat: 20260430 AA
nslastaa: 20260430
dsrecord: 41525 ECDSA-SHA-256 1319FFD537BB873E6D484C623E61426E3C6051B9907CFE353F2CBC690E2D8501
dsstatus: 20260430 DSOK
dslastok: 20260430
saci: yes
created: 20210521 #22887254
changed: 20250523
expires: 20260521
status: published

nic-hdl-br: ASSLT32
person: ASCENT Serviços Ltda
e-mail: registrobr@ascentservicos.com.br
country: BR
created: 20130605
changed: 20170626


terça-feira, 28 de abril de 2026

Golpe: No DF (61) 9928-7301

Golpista: +55 (61) 9928-7301
Operadora: Vivo

Utiliza o banco de dados do Gov.br e pega as fotos para entrar em contato com familiares da vítima.



Imagem da pessoa preservada, pois é uma vítima.

NerdMiner 2/: Em busca do bloco de Ouro



Dia 28/04/2026

Dia 29/04/2026


domingo, 26 de abril de 2026

(PDF Phishing):rramirez@expoatari.cl



E-mail:rramirez@expoatari.cl

Whois:
Registrant name: Alejandro Cobelli Castillo
Registrant organisation: 
Registrar name: NIC Chile
Registrar URL: https://www.nic.cl
Creation date: 2023-07-17 10:20:18 CLST
Expiration date: 2026-07-17 10:20:18 CLST
Name server: ns1.sitiodns.net
Name server: ns2.sitiodns.net
Name server: ns3.sitiodns.net

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49347
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;expoatari.cl. IN A

;; ANSWER SECTION:
expoatari.cl. 14400 IN A 186.64.119.175

;; Query time: 152 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Mon Apr 27 01:07:35 UTC 2026
;; MSG SIZE rcvd: 57


{
  "domain": "expoatari.cl",
  "base_domain": "expoatari.cl",
  "dnssec": false,
  "soa": {
    "record": "ns3.sitiodns.net. notificaciones_whm.haulmer.net. 2026042201 3600 7200 1209600 86400",
    "values": {
      "primary_nameserver": "ns3.sitiodns.net",
      "rname_email_address": "notificaciones_whm@haulmer.net",
      "serial": 2026042201,
      "refresh": 3600,
      "retry": 7200,
      "expire": 1209600,
      "minimum": 86400
    }
  },
  "ns": {
    "hostnames": [
      "ns2.sitiodns.net",
      "ns3.sitiodns.net",
      "ns1.sitiodns.net"
    ],
    "warnings": []
  },
  "mx": {
    "hosts": [
      {
        "preference": 0,
        "hostname": "mail.expoatari.cl",
        "addresses": [
          "186.64.119.175"
        ],
        "dnssec": false,
        "tls": false,
        "starttls": false
      }
    ],
    "warnings": [
      "mail.expoatari.cl: SMTP error code Connection unexpectedly closed: timed out"
    ]
  },
  "mta_sts": {
    "valid": false,
    "error": "An MTA-STS DNS record does not exist."
  },
  "spf": {
    "record": "v=spf1 +a +mx +ip4:186.64.114.105 +ip4:186.64.114.109 +ip4: +ip4: +ip4: +ip4: ~all",
    "valid": false,
    "void_dns_lookups": null,
    "warnings": [],
    "error": " is not a valid ipv4 value."
  },
  "dmarc": {
    "record": "v=DMARC1; p=quarantine; rua=mailto:postmaster@expoatari.cl",
    "location": "expoatari.cl",
    "valid": true,
    "warnings": [],
    "tags": {
      "v": {
        "value": "DMARC1",
        "explicit": true
      },
      "p": {
        "value": "quarantine",
        "explicit": true
      },
      "rua": {
        "value": [
          {
            "scheme": "mailto",
            "address": "postmaster@expoatari.cl",
            "size_limit": null
          }
        ],
        "explicit": true
      },
      "adkim": {
        "value": "r",
        "explicit": false
      },
      "aspf": {
        "value": "r",
        "explicit": false
      },
      "fo": {
        "value": "0",
        "explicit": false
      },
      "pct": {
        "value": 100,
        "explicit": false
      },
      "psd": {
        "value": "u",
        "explicit": false
      },
      "rf": {
        "value": "afrf",
        "explicit": false
      },
      "ri": {
        "value": 86400,
        "explicit": false
      },
      "t": {
        "value": "n",
        "explicit": false
      },
      "sp": {
        "value": "quarantine",
        "explicit": false
      },
      "np": {
        "value": "quarantine",
        "explicit": false
      }
    }
  },
  "smtp_tls_reporting": {
    "valid": false,
    "error": "An SMTP TLS Reporting record does not exist."
  },
  "bimi": {
    "record": null,
    "valid": false,
    "selector": "default",
    "error": "A BIMI record does not exist at the default selector."
  }
}

phishing: Natura

Email:boletins@gold.venha.im

Link do phishing:https://s.pass.com.br/NaturaCadari/exz/m29/cyflqo/01.html




Estrutura do Phishing:
HTTP/2 301 
cache-control: private
content-length: 197
content-type: text/html; charset=utf-8
location: https://www.minhaloja.natura.com/c/promocoes?consultoria=cadari&marca=natura
server: Microsoft-IIS/10.0
set-cookie: ASP.NET_SessionId=kf3n4q5110wisnircmupn5py; path=/; HttpOnly; SameSite=Lax
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 27 Apr 2026 02:43:38 GMT

HTTP/2 503 
server: AkamaiGHost
mime-version: 1.0
content-type: text/html
content-length: 280
expires: Mon, 27 Apr 2026 00:43:37 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 27 Apr 2026 00:43:37 GMT
set-cookie: ab_home=b; path=/; secure


                
              
Domain Name: venha.im
Domain Managers
Name: Redacted
Address
Redacted
Domain Owners / Registrant
Name: Redacted
Address
Redacted
Administrative Contact
Name: Redacted
Address
Redacted
Billing Contact
Name: Redacted
Address
Redacted
Technical Contact
Name: Redacted
Address
Redacted
Domain Details
Expiry Date: 13/11/2026 00:59:52
Name Server:ns1.softlayer.com.
Name Server:ns2.softlayer.com


{
  "domain": "venha.im",
  "base_domain": "venha.im",
  "dnssec": false,
  "soa": {
    "record": "ns1.softlayer.com. support.softlayer.com. 2025030404 7200 600 1728000 43200",
    "values": {
      "primary_nameserver": "ns1.softlayer.com",
      "rname_email_address": "support@softlayer.com",
      "serial": 2025030404,
      "refresh": 7200,
      "retry": 600,
      "expire": 1728000,
      "minimum": 43200
    }
  },
  "ns": {
    "hostnames": [
      "ns1.softlayer.com",
      "ns2.softlayer.com"
    ],
    "warnings": []
  },
  "mx": {
    "hosts": [],
    "warnings": []
  },
  "mta_sts": {
    "valid": false,
    "error": "An MTA-STS DNS record does not exist."
  },
  "spf": {
    "record": null,
    "valid": false,
    "void_dns_lookups": null,
    "error": "An SPF record does not exist."
  },
  "dmarc": {
    "record": null,
    "location": null,
    "valid": false,
    "error": "A DMARC record does not exist."
  },
  "smtp_tls_reporting": {
    "valid": false,
    "error": "An SMTP TLS Reporting record does not exist."
  },
  "bimi": {
    "record": null,
    "valid": false,
    "selector": "default",
    "error": "A BIMI record does not exist at the default selector."
  }
}


;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35545
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;venha.im. IN A

;; ANSWER SECTION:
venha.im. 21600 IN A 74.63.196.62

;; Query time: 141 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Mon Apr 27 00:47:44 UTC 2026
;; MSG SIZE rcvd: 53

Phishing : Currículo Rafaela Gomes

Email:rafaelagomes@relatorios11k.spretocolor.cfd

Link do phishing:https://23.178.169.192.host.secureserver.net/Q069zynWFslz2lszsV9FW3zyz/4FkzzU9z8U3W9Y5/8DI/91937987/QYi9XYrj4W7MMLjy8QY/650382029945014


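Estrutura do Phishing (cadeia de redirecionamentos):
Observação: nesta captura o destino final é um arquivo ZIP do Android Studio servido por gvt1.com, ou seja, a carga maliciosa não foi observada aqui. O parâmetro mip= das URLs da gvt1.com traz endereços IP que podem ser os de quem fez a captura; convém conferir e mascarar antes de publicar.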
HTTP/1.1 302 Found
Date: Mon, 27 Apr 2026 00:31:16 GMT
Server: Apache/2.4.58 (Ubuntu)
Set-Cookie: PHPSESSID=6s59f67374krhoudl2h3v3ekco; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://redirector.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip
Content-Type: text/html; charset=UTF-8

HTTP/2 302 
date: Mon, 27 Apr 2026 00:31:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
location: https://r4---sn-8xa2gvcg-cnce.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?cms_redirect=yes&met=1777249881,&mh=vq&mip=192.145.214.0&mm=28&mn=sn-8xa2gvcg-cnce&ms=nvh&mt=1777249410&mv=u&mvi=4&pl=24&rms=nvh,nvh&shardbypass=sd
content-type: text/html; charset=UTF-8
server: ClientMapServer
content-length: 513
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

HTTP/1.1 302 Found
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Mon, 27 Apr 2026 00:31:26 GMT
Expires: Mon, 27 Apr 2026 00:46:26 GMT
Cache-Control: public, max-age=900
Location: https://r5---sn-2obg05-ja.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?met=1777249886,&mh=vq&pl=24&rms=onc,onc&shardbypass=sd&redirect_counter=1&cm2rm=sn-8xa2gvcg-cnce7z&rrc=80&req_id=88dfa1a82be4173b&cms_redirect=yes&mip=192.145.214.0&mm=42&mn=sn-2obg05-ja&ms=onc&mt=1777249477&mv=m&mvi=5&rmhost=r1---sn-2obg05-ja.gvt1.com&smhost=r3---sn-bg0s7n7l.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 302 Found
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Mon, 27 Apr 2026 00:31:32 GMT
Expires: Mon, 27 Apr 2026 00:46:32 GMT
Cache-Control: public, max-age=900
Location: https://r1---sn-bg0e6nls.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?met=1777249892,&mh=vq&pl=47&rms=onc,onc&shardbypass=sd&cm2rm=sn-8xa2gvcg-cnce7z&rrc=80,104&req_id=88dfa1a82be4173b&redirect_counter=2&rm=sn-bg0e6676&cms_redirect=yes&ipbypass=yes&mip=2804:3cd0:c4:d53c:5241:53b9:9cdb:a98b&mm=42&mn=sn-bg0e6nls&ms=onc&mt=1777249477&mv=m&mvi=1&rmhost=r5---sn-bg0e6nls.gvt1.com&smhost=r3---sn-bg0e6nle.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 302 Found
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Mon, 27 Apr 2026 00:31:37 GMT
Expires: Mon, 27 Apr 2026 00:46:37 GMT
Cache-Control: public, max-age=900
Location: https://r4---sn-vgqsknld.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?met=1777249897,&mh=vq&pl=47&rms=ltu,ltu&shardbypass=sd&cm2rm=sn-8xa2gvcg-cnce7z&rrc=80,104,40&req_id=88dfa1a82be4173b&rm=sn-bg0e6676,sn-bg0ezs7e&ipbypass=yes&redirect_counter=3&cms_redirect=yes&cmsv=e&mip=2804:3cd0:c4:d53c:5241:53b9:9cdb:a98b&mm=39&mn=sn-vgqsknld&ms=ltr&mt=1777249513&mv=u&mvi=4&rmhost=r2---sn-vgqsknld.gvt1.com&smhost=r3---sn-ojvgq5-cv.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400
Content-Disposition: attachment
Content-Length: 1211065826
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "30cc26a"
Server: downloads
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Identity-Content-Length: 1211065826
X-Xss-Protection: 0
Date: Mon, 27 Apr 2026 00:09:42 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Last-Modified: Thu, 29 Aug 2024 16:57:46 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"


Whois:vgqsknld&ms=ltr&mt=1777248255&mv=m&mvi=4&rmhost=r2---sn-vgqsknld.gvt1.com&smhost=r3---sn-ojvgq5-cv.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400
Content-Disposition: attachment
Content-Length: 1211065826
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "30cc26a"
Server: downloads
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Identity-Content-Length: 1211065826
X-Xss-Protection: 0
Date: Mon, 27 Apr 2026 00:09:42 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Last-Modified: Thu, 29 Aug 2024 16:57:46 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"

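DNS (dig) e registros de e-mail — a consulta abaixo é para sterracotacolor.cfd, enquanto o remetente acima usa spretocolor.cfd; conferir qual domínio é o correto: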
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4515
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;sterracotacolor.cfd. IN A

;; ANSWER SECTION:
sterracotacolor.cfd. 300 IN A 104.21.11.24
sterracotacolor.cfd. 300 IN A 172.67.165.18

{
  "domain": "sterracotacolor.cfd",
  "base_domain": "sterracotacolor.cfd",
  "dnssec": false,
  "soa": {
    "record": "athena.ns.cloudflare.com. dns.cloudflare.com. 2402526591 10000 2400 604800 1800",
    "values": {
      "primary_nameserver": "athena.ns.cloudflare.com",
      "rname_email_address": "dns@cloudflare.com",
      "serial": 2402526591,
      "refresh": 10000,
      "retry": 2400,
      "expire": 604800,
      "minimum": 1800
    }
  },
  "ns": {
    "hostnames": [
      "athena.ns.cloudflare.com",
      "grant.ns.cloudflare.com"
    ],
    "warnings": []
  },
  "mx": {
    "hosts": [],
    "warnings": []
  },
  "mta_sts": {
    "valid": false,
    "error": "An MTA-STS DNS record does not exist."
  },
  "spf": {
    "record": null,
    "valid": false,
    "void_dns_lookups": null,
    "error": "An SPF record does not exist."
  },
  "dmarc": {
    "record": null,
    "location": null,
    "valid": false,
    "error": "A DMARC record does not exist."
  },
  "smtp_tls_reporting": {
    "valid": false,
    "error": "An SMTP TLS Reporting record does not exist."
  },
  "bimi": {
    "record": null,
    "valid": false,
    "selector": "default",
    "error": "A BIMI record does not exist at the default selector."
  }
}