uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com Open in urlscan Pro
2620:100:6022:15::a27d:420f Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://itau.yue.com.br/
Effective URL:
https://uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com/cd/0/get/BAXKU0em2rpr1VSxuiHBnrXA-XMveBx1foD3fUMrJre5k1xoGAzGcuMra3JqnMx12cMR1c-Xzm1yKFOwOZK2vtS...
Submission: On October 02 via api (October 2nd 2020, 9:50:22 am UTC) from PH

Summary HTTP 82 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 10 IPs in 4 countries across 8 domains to perform 82 HTTP transactions. The main IP is 2620:100:6022:15::a27d:420f, located in United States and belongs to DROPBOX, US. The main domain is uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on January 30th 2020. Valid for: 2 years.

This is the only time uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Itau (Banking)

Domain & IP information

	IP Address	AS Autonomous System
68	45.32.79.20 45.32.79.20	20473 (AS-CHOOPA) (AS-CHOOPA)
1	23.210.248.209 23.210.248.209	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9a	15169 (GOOGLE) (GOOGLE)
1	2620:100:6022... 2620:100:6022:15::a27d:420f	19679 (DROPBOX) (DROPBOX)
4	2606:4700::68... 2606:4700::6810:631d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
82	10

68 45.32.79.20 (Los Angeles, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 45.32.79.20.vultr.com

itau.yue.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.248.209 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-209.deploy.static.akamaitechnologies.com

www.itau.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:6022:15::a27d:420f (United States)

ASN19679 (DROPBOX, US)

uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:631d (United States)

ASN13335 (CLOUDFLARENET, US)

cfl.dropboxstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
68	yue.com.br itau.yue.com.br	5 MB
4	dropboxstatic.com cfl.dropboxstatic.com	207 KB
3	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net Failed	17 KB
1	dropboxusercontent.com uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com	1 KB
1	ytimg.com s.ytimg.com	37 KB
1	google.com.br www.google.com.br	560 B
1	google.com www.google.com	107 B
1	itau.com.br www.itau.com.br	530 B
82	8

	Domain	Requested by
68	itau.yue.com.br	itau.yue.com.br
4	cfl.dropboxstatic.com	uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com cfl.dropboxstatic.com
3	stats.g.doubleclick.net	itau.yue.com.br
1	uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com
1	s.ytimg.com	itau.yue.com.br
1	www.google.com.br	itau.yue.com.br
1	www.google.com	itau.yue.com.br
1	www.itau.com.br	itau.yue.com.br
0	googleads.g.doubleclick.net Failed	itau.yue.com.br
82	9

This site contains links to these domains. Also see Links.

Domain
www.dropbox.com

Subject Issuer	Validity	Valid
itau.yue.com.br Let's Encrypt Authority X3	`2020-09-29` - `2020-12-28`	3 months	crt.sh
www.itau.com.br DigiCert SHA2 Extended Validation Server CA	`2020-03-12` - `2022-06-11`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.google.com.br GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.dl.dropboxusercontent.com DigiCert SHA2 High Assurance Server CA	`2020-01-30` - `2022-04-14`	2 years	crt.sh
cfl.dropboxstatic.com DigiCert SHA2 High Assurance Server CA	`2019-01-30` - `2021-04-09`	2 years	crt.sh

This page contains 3 frames:

Primary Page: https://uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com/cd/0/get/BAXKU0em2rpr1VSxuiHBnrXA-XMveBx1foD3fUMrJre5k1xoGAzGcuMra3JqnMx12cMR1c-Xzm1yKFOwOZK2vtS4L0izXgIhg1U8Ck4BJLcawd8BhmClmEvGzC8a8MX-w70/file?dl=1
Frame ID: B3F645A39D93D424A7E7E5B48AD8BA13
Requests: 64 HTTP requests in this frame

Frame: https://itau.yue.com.br/Banco%20Ita%C3%BA%20_%20computador%20-%20Feito%20Para%20Voc%C3%AAX_files/29NaDRNq31U.html
Frame ID: B53FC44F64C3BDCAE24EBBD1EC809CF4
Requests: 9 HTTP requests in this frame

Frame: https://itau.yue.com.br/Banco%20Ita%C3%BA%20_%20computador%20-%20Feito%20Para%20Voc%C3%AAX_files/2wB9OxaNGfM.html
Frame ID: CB52B57FC26358583D573D0F61CE375D
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://itau.yue.com.br/ Page URL
https://itau.yue.com.br/app.html Page URL
https://uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com/cd/0/get/BAXKU0em2rpr1VSxuiHBnrXA-XMveBx1foD3fUMrJre5k1xoGAzGcuMra3JqnMx12cM... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

82
Requests

98 %
HTTPS

78 %
IPv6

8
Domains

9
Subdomains

10
IPs

4
Countries

5612 kB
Transfer

6712 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.dropbox.com/home?_tk=fof
Title: Home

Search URL Search Domain Scan URL

URL: https://www.dropbox.com/help?_tk=fof
Title: Help center

Search URL Search Domain Scan URL

URL: https://www.dropbox.com/login?_tk=fof
Title: Sign in

Search URL Search Domain Scan URL

URL: https://www.dropbox.com/register?_tk=fof
Title: Get a free account

Search URL Search Domain Scan URL

URL: https://www.dropbox.com/plus?_tk=fof
Title: Dropbox Plus

Search URL Search Domain Scan URL

URL: https://www.dropbox.com/business?_tk=fof
Title: Dropbox Business

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://itau.yue.com.br/ Page URL
https://itau.yue.com.br/app.html Page URL
https://uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com/cd/0/get/BAXKU0em2rpr1VSxuiHBnrXA-XMveBx1foD3fUMrJre5k1xoGAzGcuMra3JqnMx12cMR1c-Xzm1yKFOwOZK2vtS4L0izXgIhg1U8Ck4BJLcawd8BhmClmEvGzC8a8MX-w70/file?dl=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

82 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
itau.yue.com.br/ 105 B
310 B 828ms
150ms Document
text/html 45.32.79.20
AS-CHOOPA

General

uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com Open in urlscan Pro 2620:100:6022:15::a27d:420f Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

82 Requests

98 %HTTPS

78 %IPv6

8 Domains

9 Subdomains

10 IPs

4 Countries

5612 kBTransfer

6712 kBSize

0 Cookies

6 Outgoing links

Page URL History

Redirected requests

82 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

uce6e80a4dcb2280b3c69a1a7592.dl.dropboxusercontent.com Open in urlscan Pro
2620:100:6022:15::a27d:420f Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

82
Requests

98 %
HTTPS

78 %
IPv6

8
Domains

9
Subdomains

10
IPs

4
Countries

5612 kB
Transfer

6712 kB
Size

0
Cookies

82 HTTP transactions
0 data transactions