smiles.itau.com.br.cp40032.tmweb.ru
92.53.96.2
Malicious Activity!
Public Scan
Effective URL: http://smiles.itau.com.br.cp40032.tmweb.ru/?=resgate-smiles=4hskf63gsd3232d32d32332rdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Submission: On August 20 via automatic, source phishtank
Summary
This is the only time smiles.itau.com.br.cp40032.tmweb.ru was scanned on urlscan.io.
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Itau (Banking)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 108.167.171.37 | 20013 (CYRUSONE - CyrusOne LLC)
14 | 92.53.96.2 | 9123 (TIMEWEB-AS)
1 (1 redirect) | 163.172.21.228 | 12876 (AS12876)
1 | 2a00:1450:4001:806::200e | 15169 (GOOGLE - Google LLC)
16 (total) | 3 |
ASN20013 (CYRUSONE - CyrusOne LLC, US): www.projetosinfoplus.com.br
ASN9123 (TIMEWEB-AS, RU), PTR vh134.timeweb.ru: smiles.itau.com.br.cp40032.tmweb.ru
ASN12876 (AS12876, FR), PTR 163-172-21-228.rev.poneytelecom.eu: lnk.direct
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | tmweb.ru | smiles.itau.com.br.cp40032.tmweb.ru | 39 KB
1 | youtube.com | www.youtube.com |
1 | lnk.direct (1 redirect) | lnk.direct | 458 B
1 | projetosinfoplus.com.br | www.projetosinfoplus.com.br | 474 B
16 (total) | 4 domains | |
Requests | Domain | Requested by
---|---|---
14 | smiles.itau.com.br.cp40032.tmweb.ru | smiles.itau.com.br.cp40032.tmweb.ru
1 | www.youtube.com | smiles.itau.com.br.cp40032.tmweb.ru
1 | lnk.direct (1 redirect) |
1 | www.projetosinfoplus.com.br |
16 (total) | 4 domains |
This site contains no links.
Subject | Issuer | Validity | Valid for
---|---|---|---
*.google.com | Google Internet Authority G3 | 2018-08-07 - 2018-10-16 | 2 months (crt.sh)
The only certificate observed belongs to the embedded www.youtube.com frame; the landing page and the phishing page itself were served over plain HTTP.
This page contains 2 frames:
Primary Page: http://smiles.itau.com.br.cp40032.tmweb.ru/?=resgate-smiles=4hskf63gsd3232d32d32332rdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43 (Frame ID 882BCD3919733D6440AB299D4A1C0617, 15 HTTP requests)
Frame: https://www.youtube.com/embed/Sp2APD1Vhhk (Frame ID 5475947C1F8CFDF8AB5E73CDBF8F35B0, 1 HTTP request)
Detected technologies
Nginx (Web Servers); detected pattern: headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.projetosinfoplus.com.br/AAB58995.htm (Page URL)
- http://smiles.itau.com.br.cp40032.tmweb.ru/?=resgate-smiles=4hskf63gsd3232d32d32332rdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request chain 14: http://lnk.direct/7wpY (HTTP 301) -> https://www.youtube.com/embed/Sp2APD1Vhhk
16 HTTP transactions
Method | Protocol | Resource | Host/Path | Size | Transfer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | AAB58995.htm | www.projetosinfoplus.com.br/ | 262 B | 474 B | Document | text/html
GET | H/1.1 | / (Primary Request) | smiles.itau.com.br.cp40032.tmweb.ru/ | 3 KB | 1 KB | Document | text/html
GET | H/1.1 | POPX.js | smiles.itau.com.br.cp40032.tmweb.ru/ | 4 KB | 2 KB | Script | application/x-javascript
GET | H/1.1 | POPX6.png | smiles.itau.com.br.cp40032.tmweb.ru/POPX/ | 24 KB | 24 KB | Image | image/png
GET | H/1.1 | POPX14.png | smiles.itau.com.br.cp40032.tmweb.ru/POPX/ | 774 B | 1 KB | Image | image/png
GET | H/1.1 | POPX8.png | smiles.itau.com.br.cp40032.tmweb.ru/POPX/ | 686 B | 996 B | Image | image/png
GET | H/1.1 | POPX9.png | smiles.itau.com.br.cp40032.tmweb.ru/POPX/ | 338 B | 648 B | Image | image/png
GET | H/1.1 | POPX2.png | smiles.itau.com.br.cp40032.tmweb.ru/POPX/ | 370 B | 680 B | Image | image/png
GET | H/1.1 | POPX10.png | smiles.itau.com.br.cp40032.tmweb.ru/POPX/ | 579 B | 889 B | Image | image/png
GET | H/1.1 | POPX5.png | smiles.itau.com.br.cp40032.tmweb.ru/POPX/ | 771 B | 1 KB | Image | image/png
GET | H/1.1 | POPX11.png | smiles.itau.com.br.cp40032.tmweb.ru/POPX/ | 529 B | 839 B | Image | image/png
GET | H/1.1 | POPX13.png | smiles.itau.com.br.cp40032.tmweb.ru/POPX/ | 515 B | 825 B | Image | image/png
GET | H/1.1 | POPX3.png | smiles.itau.com.br.cp40032.tmweb.ru/POPX/ | 392 B | 702 B | Image | image/png
GET | H/1.1 | POPX1.png | smiles.itau.com.br.cp40032.tmweb.ru/POPX/ | 862 B | 1 KB | Image | image/png
GET | H/1.1 | POPX15.png | smiles.itau.com.br.cp40032.tmweb.ru/POPX/ | 3 KB | 3 KB | Image | image/png
GET | H2 | Sp2APD1Vhhk | www.youtube.com/embed/ (Frame 5475, redirect chain) | 0 | 0 | Document | text/html
Apart from the landing page on www.projetosinfoplus.com.br and the YouTube embed, every request goes to the phishing host over plain HTTP/1.1: the document, a single script (POPX.js) and twelve PNG images under /POPX/.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Banco Itau (Banking)

7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
- function POPX_POPX3
- function POPXMutuario
- function execPOPX
- function cpfCnpj
- function validar
- function validaCPF
- function validaCNPJ
The names cpfCnpj, validaCPF and validaCNPJ indicate client-side validation of Brazilian CPF/CNPJ tax identifiers, which suggests the page presents a form that collects those identifiers before submission.

4 Cookies
Cookies are small pieces of data stored in the user's browser. When the user visits the site again, the browser sends the stored values back, which lets the site re-identify the user even from a different location; this is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.youtube.com/ | | PREF | f1=50000000
.youtube.com/ | | YSC | OkMIfjR5o8I
.youtube.com/ | | GPS | 1
.youtube.com/ | | VISITOR_INFO1_LIVE | 1ctMdQQDLco
All four cookies were set by the embedded YouTube frame; the phishing host itself set none.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
lnk.direct
smiles.itau.com.br.cp40032.tmweb.ru
www.projetosinfoplus.com.br
www.youtube.com
108.167.171.37
163.172.21.228
2a00:1450:4001:806::200e
92.53.96.2
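The three signals a triager would pull from this report are the hand-off from www.projetosinfoplus.com.br to a different registrable domain, the brand labels (smiles, itau, com.br) stacked in front of a hosting provider's domain (cp40032.tmweb.ru), and CPF/CNPJ-handling globals on a host the bank does not own. The script below is an added example, not urlscan.io's code; it runs those checks over a SCAN dict constructed from the values above. PSL_SUBSET is a constructed fragment of the Public Suffix List (real code should load the full list from publicsuffix.org), and BRAND_TOKENS and BRAND_DOMAINS are assumed values for the targeted brand.

```python
"""Triage pass over the indicators of a urlscan-style report (added example).

PSL_SUBSET is a constructed Public Suffix List fragment; BRAND_TOKENS and
BRAND_DOMAINS are assumptions for the targeted brand. SCAN is constructed
from the report above.
"""
import re
from urllib.parse import urlsplit

# Constructed PSL fragment: only the suffixes the hosts in this report need.
PSL_SUBSET = {"ru", "br", "com.br", "com", "direct"}
# Assumed brand vocabulary (Banco Itau / Smiles).
BRAND_TOKENS = {"itau", "smiles"}
# Assumed legitimate registrable domains; hosts under these are never flagged.
BRAND_DOMAINS = {"itau.com.br", "smiles.com.br"}
# Window globals hinting at a form that handles Brazilian CPF/CNPJ tax IDs.
TAX_ID_GLOBAL = re.compile(r"cpf|cnpj", re.IGNORECASE)


def split_host(host):
    """Split host into (private labels, public suffix); longest suffix wins.
    Returns (None, None) if nothing matches or host is itself a suffix."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PSL_SUBSET:
            return labels[:i], suffix
    return None, None


def registrable_domain(host):
    """eTLD+1 of host, e.g. 'tmweb.ru' for the phishing host in this report."""
    private, suffix = split_host(host)
    if not private:
        return None
    return f"{private[-1]}.{suffix}"


def brand_lookalike(host):
    """Brand tokens found in labels left of the public suffix, unless the
    registrable domain is one the brand owns. For the phishing host the
    registrable domain is tmweb.ru, so 'smiles' and 'itau' are decoys."""
    private, _ = split_host(host)
    if not private or registrable_domain(host) in BRAND_DOMAINS:
        return set()
    tokens = set()
    for label in private:
        tokens.update(label.split("-"))  # also catches e.g. 'itau-seguro.com'
    return tokens & BRAND_TOKENS


def triage(scan):
    """Return human-readable findings for one scan result."""
    findings = []
    history = scan["page_url_history"]
    landing = urlsplit(history[0]).hostname
    final = urlsplit(history[-1]).hostname

    # 1. Landing page and final page under different registrable domains:
    #    a compromised or throwaway site handing off to the phishing host.
    if len(history) > 1 and registrable_domain(landing) != registrable_domain(final):
        findings.append(f"cross-domain redirect: {landing} -> {final}")

    # 2. Brand names used as subdomain labels of a domain the brand does not own.
    for host in scan["hosts"]:
        hit = brand_lookalike(host)
        if hit:
            findings.append(f"brand lookalike: {host} carries {sorted(hit)} "
                            f"but is registered under {registrable_domain(host)}")

    # 3. CPF/CNPJ handling code served from a non-brand host.
    tax_globals = [g for g in scan["js_globals"] if TAX_ID_GLOBAL.search(g)]
    if tax_globals and registrable_domain(final) not in BRAND_DOMAINS:
        findings.append(f"tax-ID globals on non-brand host {final}: {tax_globals}")
    return findings


# Constructed from the report above.
SCAN = {
    "page_url_history": [
        "http://www.projetosinfoplus.com.br/AAB58995.htm",
        "http://smiles.itau.com.br.cp40032.tmweb.ru/?=resgate-smiles="
        "4hskf63gsd3232d32d32332rdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43",
    ],
    "hosts": ["www.projetosinfoplus.com.br", "smiles.itau.com.br.cp40032.tmweb.ru",
              "lnk.direct", "www.youtube.com"],
    "js_globals": ["POPX_POPX3", "POPXMutuario", "execPOPX", "cpfCnpj",
                   "validar", "validaCPF", "validaCNPJ"],
}

if __name__ == "__main__":
    for finding in triage(SCAN):
        print(finding)
```

The suffix split is the part that matters: a naive "does the hostname contain itau" check fires on the bank's own hosts, while splitting at the public suffix first makes the decision depend on who controls the registrable domain. With the full Public Suffix List loaded, the same code also handles provider-owned suffixes that hand out customer subdomains.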