smiles.itau.com.br.ct11742.tmweb.ru
92.53.113.10
Malicious Activity!
Public Scan
Effective URL: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456...
Submission: On October 18 via automatic, source phishtank
Summary
This is the only time smiles.itau.com.br.ct11742.tmweb.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Itau (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
1 | 108.167.171.37 | 20013 (CYRUSONE - CyrusOne LLC)
14 | 92.53.113.10 | 9123 (TIMEWEB-AS)
1 | 2606:4700:30::681f:5103 | 13335 (CLOUDFLARENET - Cloudflare)
1 | 2a00:1450:4001:817::200e | 15169 (GOOGLE - Google LLC)
16 | 3 |

- ASN20013 (CYRUSONE - CyrusOne LLC, US): www.projetosinfoplus.com.br
- ASN9123 (TIMEWEB-AS, RU), PTR: sensus.timeweb.ru: smiles.itau.com.br.ct11742.tmweb.ru
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): lnk.direct
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | tmweb.ru | smiles.itau.com.br.ct11742.tmweb.ru | 39 KB
1 | youtube.com | www.youtube.com |
1 | lnk.direct (1 redirect) | lnk.direct | 627 B
1 | projetosinfoplus.com.br | www.projetosinfoplus.com.br | 478 B
16 | 4 | |
Requests | Domain | Requested by
---|---|---
14 | smiles.itau.com.br.ct11742.tmweb.ru | smiles.itau.com.br.ct11742.tmweb.ru
1 | www.youtube.com | smiles.itau.com.br.ct11742.tmweb.ru
1 | lnk.direct | 1 redirect
1 | www.projetosinfoplus.com.br |
16 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
*.google.com | Google Internet Authority G3 | 2018-10-02 - 2018-12-25 | 3 months
This page contains 2 frames:

- Primary Page: http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43 (Frame ID: C594B2A46AD0D33FE2C186DF2BC4549F; 15 HTTP requests in this frame)
- Frame: https://www.youtube.com/embed/Sp2APD1Vhhk (Frame ID: 2F0220A02AC4213D9D28421395C69B32; 1 HTTP request in this frame)
Detected technologies
Nginx (Web Servers)
Detected patterns:
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.projetosinfoplus.com.br/CXCQ12678.htm Page URL
- http://smiles.itau.com.br.ct11742.tmweb.ru/?=resgate-smiles=4hskf63gskd6hgsf7f563gd7fdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14:
- http://lnk.direct/7wpY HTTP 301
- https://www.youtube.com/embed/Sp2APD1Vhhk
16 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | CXCQ12678.htm | www.projetosinfoplus.com.br/ | 265 B | 478 B | Document | text/html |
GET | H/1.1 | / | smiles.itau.com.br.ct11742.tmweb.ru/ | 3 KB | 1 KB | Document | text/html | Primary Request
GET | H/1.1 | KKYY.js | smiles.itau.com.br.ct11742.tmweb.ru/ | 4 KB | 2 KB | Script | application/x-javascript |
GET | H/1.1 | KKYY6.png | smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ | 24 KB | 24 KB | Image | image/png |
GET | H/1.1 | KKYY14.png | smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ | 774 B | 1 KB | Image | image/png |
GET | H/1.1 | KKYY8.png | smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ | 686 B | 996 B | Image | image/png |
GET | H/1.1 | KKYY9.png | smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ | 338 B | 648 B | Image | image/png |
GET | H/1.1 | KKYY2.png | smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ | 370 B | 680 B | Image | image/png |
GET | H/1.1 | KKYY10.png | smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ | 579 B | 889 B | Image | image/png |
GET | H/1.1 | KKYY5.png | smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ | 758 B | 1 KB | Image | image/png |
GET | H/1.1 | KKYY11.png | smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ | 529 B | 839 B | Image | image/png |
GET | H/1.1 | KKYY13.png | smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ | 515 B | 825 B | Image | image/png |
GET | H/1.1 | KKYY3.png | smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ | 392 B | 702 B | Image | image/png |
GET | H/1.1 | KKYY1.png | smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ | 793 B | 1 KB | Image | image/png |
GET | H/1.1 | KKYY15.png | smiles.itau.com.br.ct11742.tmweb.ru/KKYY/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | Sp2APD1Vhhk | www.youtube.com/embed/ | 0 | 0 | Document | text/html | Frame 2F02, Redirect Chain
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Itau (Banking)

7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
function | KKYY_KKYY3
function | KKYYMutuario
function | execKKYY
function | cpfCnpj
function | validar
function | validaCPF
function | validaCNPJ

4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.youtube.com/ | | PREF | f1=50000000
.youtube.com/ | | YSC | L3t-ntqhg8s
.youtube.com/ | | GPS | 1
.youtube.com/ | | VISITOR_INFO1_LIVE | ouq5aKkeEHY
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.