urlscan.io logo urlscan.io
SecurityTrails logo

smiles.itau.com.br.ct11742.tmweb.ru Open in urlscan Pro
92.53.113.10  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.projetosinfoplus.com.br/CXCQ12678.htm
Effective URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456...
Submission: On October 18 via automatic, source phishtank
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 16 HTTP transactions. The main IP is 92.53.113.10, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is smiles.itau.com.br.ct11742.tmweb.ru.
This is the only time smiles.itau.com.br.ct11742.tmweb.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Itau (Banking)

Domain & IP information

IP Address AS Autonomous System
1 108.167.171.37 20013 (CYRUSONE)
14 92.53.113.10 9123 (TIMEWEB-AS)
1 1 2606:4700:30:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
16 3
Domain Requested by
14 smiles.itau.com.br.ct11742.tmweb.ru smiles.itau.com.br.ct11742.tmweb.ru
1 www.youtube.com smiles.itau.com.br.ct11742.tmweb.ru
1 lnk.direct 1 redirects
1 www.projetosinfoplus.com.br
16 4

This site contains no links.

Subject Issuer Validity Valid
*.google.com
Google Internet Authority G3		 2018-10-02 -
2018-12-25		 3 months crt.sh

This page contains 2 frames:

Primary Page: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Frame ID: C594B2A46AD0D33FE2C186DF2BC4549F
Requests: 15 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Sp2APD1Vhhk
Frame ID: 2F0220A02AC4213D9D28421395C69B32
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://www.projetosinfoplus.com.br/CXCQ12678.htm Page URL
  2. http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

16
Requests

6 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

39 kB
Transfer

40 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.projetosinfoplus.com.br/CXCQ12678.htm Page URL
  2. http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • http://lnk.direct/7wpY HTTP 301
  • https://www.youtube.com/embed/Sp2APD1Vhhk

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
CXCQ12678.htm
www.projetosinfoplus.com.br/ 		265 B
478 B 		Document
General
Check archive.org
Download Go to
Full URL
http://www.projetosinfoplus.com.br/CXCQ12678.htm
Protocol
HTTP/1.1
Server
108.167.171.37 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash

Request headers

Host
www.projetosinfoplus.com.br
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Server
nginx/1.14.0
Date
Thu, 18 Oct 2018 22:14:00 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Wed, 10 Oct 2018 17:09:20 GMT
Content-Encoding
gzip
Primary Request /
smiles.itau.com.br.ct11742.tmweb.ru/ 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
a04f02792c6a01c3567722c2b1bda2874043075f07587f8896856dfe2ecaf311

Request headers

Host
smiles.itau.com.br.ct11742.tmweb.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://www.projetosinfoplus.com.br/CXCQ12678.htm
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://www.projetosinfoplus.com.br/CXCQ12678.htm

Response headers

Server
nginx/1.14.0
Date
Thu, 18 Oct 2018 22:14:01 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Last-Modified
Fri, 14 Sep 2018 21:29:40 GMT
ETag
W/"ce0-575db85679900"
Content-Encoding
gzip
KKYY.js
smiles.itau.com.br.ct11742.tmweb.ru/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY.js
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
1cf783f2cfcec27d754c739af6feadca696c85c0f23e55f032acddea130b07f9

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Content-Encoding
gzip
Last-Modified
Fri, 14 Sep 2018 21:29:40 GMT
Server
nginx/1.14.0
ETag
W/"5b9c2844-fcd"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=2678400
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Sun, 18 Nov 2018 22:14:01 GMT
KKYY6.png
smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY/KKYY6.png
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
75329809aa5f054bfea1b4d2af197c51fd8b498d99bf7a5f407cd3b678390eca

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Last-Modified
Fri, 14 Sep 2018 21:36:50 GMT
Server
nginx/1.14.0
ETag
"5b9c29f2-5fd8"
Content-Type
image/png
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
24536
Expires
Sun, 18 Nov 2018 22:14:01 GMT
KKYY14.png
smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ 		774 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY/KKYY14.png
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
fbe430c54aba814ecd1ce8e24ed1469af9d3610e99ea1ddfea91fdaaff4b604e

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Last-Modified
Fri, 14 Sep 2018 21:37:08 GMT
Server
nginx/1.14.0
ETag
"5b9c2a04-306"
Content-Type
image/png
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
774
Expires
Sun, 18 Nov 2018 22:14:01 GMT
KKYY8.png
smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ 		686 B
996 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY/KKYY8.png
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
ce089e6a6c3f866f02d14cda88293470a75735c77745c9afe50a8d0865d323d3

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Last-Modified
Fri, 14 Sep 2018 21:36:56 GMT
Server
nginx/1.14.0
ETag
"5b9c29f8-2ae"
Content-Type
image/png
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
686
Expires
Sun, 18 Nov 2018 22:14:01 GMT
KKYY9.png
smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ 		338 B
648 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY/KKYY9.png
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
2dd9778c111bc25cfb4021239a3b995c104387cfd54d0b921c3608490aa83640

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Last-Modified
Fri, 14 Sep 2018 21:36:58 GMT
Server
nginx/1.14.0
ETag
"5b9c29fa-152"
Content-Type
image/png
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
338
Expires
Sun, 18 Nov 2018 22:14:01 GMT
KKYY2.png
smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ 		370 B
680 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY/KKYY2.png
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
fce1b95464156047730dbadc8578fce5abba103cff30185937d24e370ecdf694

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Last-Modified
Fri, 14 Sep 2018 21:36:40 GMT
Server
nginx/1.14.0
ETag
"5b9c29e8-172"
Content-Type
image/png
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
370
Expires
Sun, 18 Nov 2018 22:14:01 GMT
KKYY10.png
smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ 		579 B
889 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY/KKYY10.png
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
a34eb8f9bb7f142d7c06c93c7f255b3320fa82a9758638c950bde4cc2b7adfa7

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Last-Modified
Fri, 14 Sep 2018 21:37:00 GMT
Server
nginx/1.14.0
ETag
"5b9c29fc-243"
Content-Type
image/png
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
579
Expires
Sun, 18 Nov 2018 22:14:01 GMT
KKYY5.png
smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ 		758 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY/KKYY5.png
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
af90559da92d83634e05106122a68a44525f801c8245b448f65a19193d1dcda1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Last-Modified
Fri, 14 Sep 2018 21:36:48 GMT
Server
nginx/1.14.0
ETag
"5b9c29f0-2f6"
Content-Type
image/png
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
758
Expires
Sun, 18 Nov 2018 22:14:01 GMT
KKYY11.png
smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ 		529 B
839 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY/KKYY11.png
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
a6e946bb0c080f59a1bf8841ceb35d808fc19c79f96ff4375fdc7ff5789077fc

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Last-Modified
Fri, 14 Sep 2018 21:37:02 GMT
Server
nginx/1.14.0
ETag
"5b9c29fe-211"
Content-Type
image/png
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
529
Expires
Sun, 18 Nov 2018 22:14:01 GMT
KKYY13.png
smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ 		515 B
825 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY/KKYY13.png
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
de9473ed5cc0e158c598d1720e9577a77944b2ea639633c7ce62b3ea24e30695

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Last-Modified
Fri, 14 Sep 2018 21:37:06 GMT
Server
nginx/1.14.0
ETag
"5b9c2a02-203"
Content-Type
image/png
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
515
Expires
Sun, 18 Nov 2018 22:14:01 GMT
KKYY3.png
smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ 		392 B
702 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY/KKYY3.png
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
f22913089eaf32166a0735f359261cba7c43490143976e9f26b280d0a5128631

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Last-Modified
Fri, 14 Sep 2018 21:36:44 GMT
Server
nginx/1.14.0
ETag
"5b9c29ec-188"
Content-Type
image/png
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
392
Expires
Sun, 18 Nov 2018 22:14:01 GMT
KKYY1.png
smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ 		793 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY/KKYY1.png
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
36cd9fa4a112c8d030632e6fde55847e82b5ff1bd2b6f9929ac7a8dd825a1857

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Last-Modified
Fri, 14 Sep 2018 21:36:38 GMT
Server
nginx/1.14.0
ETag
"5b9c29e6-319"
Content-Type
image/png
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
793
Expires
Sun, 18 Nov 2018 22:14:01 GMT
KKYY15.png
smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://smiles.itau.com.br.ct11742.tmweb.ru/KKYY/KKYY15.png
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
HTTP/1.1
Server
92.53.113.10 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
sensus.timeweb.ru
Software
nginx/1.14.0 /
Resource Hash
68f31e4503620e8dec15e4c3e9f7c7a5c638baa9fe348c34f2267ac27e5be45a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
smiles.itau.com.br.ct11742.tmweb.ru
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Connection
keep-alive
Cache-Control
no-cache
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Last-Modified
Fri, 14 Sep 2018 21:37:12 GMT
Server
nginx/1.14.0
ETag
"5b9c2a08-a68"
Content-Type
image/png
Cache-Control
max-age=2678400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2664
Expires
Sun, 18 Nov 2018 22:14:01 GMT
Sp2APD1Vhhk
www.youtube.com/embed/ Frame 2F02
Redirect Chain
  • http://lnk.direct/7wpY
  • https://www.youtube.com/embed/Sp2APD1Vhhk
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/Sp2APD1Vhhk
Requested by
Host: smiles.itau.com.br.ct11742.tmweb.ru
URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:817::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/Sp2APD1Vhhk
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43

Response headers

status
200
strict-transport-security
max-age=31536000
cache-control
no-cache
content-type
text/html; charset=utf-8
content-encoding
gzip
x-xss-protection
1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
expires
Tue, 27 Apr 1971 19:44:06 EST
x-content-type-options
nosniff
date
Thu, 18 Oct 2018 22:14:01 GMT
server
YouTube Frontend Proxy
set-cookie
VISITOR_INFO1_LIVE=ouq5aKkeEHY; path=/; domain=.youtube.com; expires=Tue, 16-Apr-2019 22:14:01 GMT; httponly GPS=1; path=/; domain=.youtube.com; expires=Thu, 18-Oct-2018 22:44:01 GMT PREF=f1=50000000; path=/; domain=.youtube.com; expires=Wed, 19-Jun-2019 10:07:01 GMT YSC=L3t-ntqhg8s; path=/; domain=.youtube.com; httponly VISITOR_INFO1_LIVE=ouq5aKkeEHY; path=/; domain=.youtube.com; expires=Tue, 16-Apr-2019 22:14:01 GMT; httponly
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"

Redirect headers

Date
Thu, 18 Oct 2018 22:14:01 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=daa4707e32b00b5c84da35824940f81d41539900841; expires=Fri, 18-Oct-19 22:14:01 GMT; path=/; domain=.lnk.direct; HttpOnly shorturl=1pcmjjk5hopoljc000ogr2taj0; path=/
X-Powered-By
PHP/5.6.36
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Location
https://www.youtube.com/embed/Sp2APD1Vhhk
Server
cloudflare
CF-RAY
46be5b0314cdc2e7-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Itau (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| KKYY_KKYY3 function| KKYYMutuario function| execKKYY function| cpfCnpj function| validar function| validaCPF function| validaCNPJ

4 Cookies

Domain/Path Name / Value
.youtube.com/ Name: PREF
Value: f1=50000000
.youtube.com/ Name: YSC
Value: L3t-ntqhg8s
.youtube.com/ Name: GPS
Value: 1
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: ouq5aKkeEHY