177.70.22.146
Malicious Activity!
Public Scan
Effective URL: http://177.70.22.146/treinamento/files/homepage/M_T/M&T/
Submission: On March 19 via manual from US
Summary
This is the only time 177.70.22.146 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: M&T Bank (Banking)
Domain & IP information
| IP Address | AS Autonomous System
---|---|---
1 | 195.216.243.155 | 29226 (MASTERTEL-AS Moscow)
5 | 2a02:6b8::1:119 | 13238 (YANDEX)
1 | 166.78.126.82 | 19994 (RACKSPACE - Rackspace Hosting)
1 | 177.70.22.146 | 28209 (Desenvolve Solucoes de Internet Ltda)
11 | 5 |
ASN29226 (MASTERTEL-AS Moscow, Russia, RU)
- PTR: s5.unet.com
- u.to
ASN19994 (RACKSPACE - Rackspace Hosting, US)
- gncomercial.com
ASN28209 (Desenvolve Solucoes de Internet Ltda, BR)
- PTR: tskdzmz98r.underplatform.com
- 177.70.22.146
| Apex Domain | Subdomains | Transfer
---|---|---|---
5 | yandex.ru | mc.yandex.ru (1 redirects) | 87 KB
1 | gncomercial.com | gncomercial.com | 391 B
1 | u.to | u.to | 1004 B
0 | yadro.ru | counter.yadro.ru (Failed) |
11 | 4 | |
| Domain | Requested by
---|---|---
5 | mc.yandex.ru (1 redirects) | u.to
1 | gncomercial.com | u.to
1 | u.to |
0 | counter.yadro.ru (Failed) | u.to
11 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
u.to | COMODO RSA Domain Validation Secure Server CA | 2018-09-18 - 2019-09-18 | a year | crt.sh
bs.yandex.ru | Yandex CA | 2018-10-03 - 2019-10-03 | a year | crt.sh
This page contains 1 frames:
Primary Page:
http://177.70.22.146/treinamento/files/homepage/M_T/M&T/
Frame ID: 87584289E47D801C72414F5799B66DAC
Requests: 16 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://u.to/_ZztFA Page URL
- http://gncomercial.com/mt.php Page URL
- http://177.70.22.146/treinamento/files/homepage/M_T/M&T/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- https://mc.yandex.ru/watch/51604940?wmode=7&page-url=https%3A%2F%2Fu.to%2F_ZztFA&charset=utf-8&browser-info=ti%3A10%3Ans%3A1553010785914%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20190319155306%3Aet%3A1553010786%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A821860212%3Ahid%3A210340128%3Ads%3A13%2C190%2C60%2C1%2C0%2C0%2C0%2C3%2C0%2C271%2C%2C%2C270%3Agdpr%3A14%3Av%3A1500%3Awv%3A2%3Ast%3A1553010786%3Au%3A1553010786569572084%3At%3ARedirecting HTTP 302
- https://mc.yandex.ru/watch/51604940/1?wmode=7&page-url=https%3A%2F%2Fu.to%2F_ZztFA&charset=utf-8&browser-info=ti%3A10%3Ans%3A1553010785914%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20190319155306%3Aet%3A1553010786%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A821860212%3Ahid%3A210340128%3Ads%3A13%2C190%2C60%2C1%2C0%2C0%2C0%2C3%2C0%2C271%2C%2C%2C270%3Agdpr%3A14%3Av%3A1500%3Awv%3A2%3Ast%3A1553010786%3Au%3A1553010786569572084%3At%3ARedirecting
11 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | _ZztFA | u.to/ | 976 B | 1004 B | Document | text/html | Cookie set
GET | H/1.1 | tag.js | mc.yandex.ru/metrika/ | 330 KB | 85 KB | Script | application/javascript |
GET | | hit;utostat | counter.yadro.ru/ | 0 | 0 | | |
GET | H/1.1 | mt.php | gncomercial.com/ | 99 B | 391 B | Document | text/html |
GET | H/1.1 | 1 | mc.yandex.ru/watch/51604940/ | 0 | -1 B | XHR | | Redirect Chain
GET | H/1.1 | advert.gif | mc.yandex.ru/metrika/ | 43 B | 445 B | Image | image/gif |
GET | H/1.1 | 1 | mc.yandex.ru/watch/51604940/ | 152 B | 692 B | XHR | application/json |
GET | H/1.1 | / | 177.70.22.146/treinamento/files/homepage/M_T/M&T/ | 1007 KB | 629 KB | Document | text/html | Primary Request
GET | DATA | truncated | / | 43 B | 0 | Image | image/gif |
GET | DATA | truncated | / | 176 KB | 0 | Image | image/jpeg |
GET | DATA | truncated | / | 24 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 25 KB | 0 | Font | application/x-woff |
GET | DATA | truncated | / | 15 KB | 0 | Font | application/x-woff |
GET | BLOB | 95244c42-6717-4faf-90da-fbe289313549 | http://177.70.22.146/ | 43 B | 0 | Image | image/gif |
GET | BLOB | 11624fdb-84cd-4c47-a4f5-454fa878507f | http://177.70.22.146/ | 31 KB | 0 | Image | image/png |
GET | BLOB | aa71ef9d-8595-412b-bb6e-2b547636c26a | http://177.70.22.146/ | 37 KB | 0 | Image | image/png |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: counter.yadro.ru
- URL: https://counter.yadro.ru/hit;utostat?r;s1600*1200*24;uhttps%3A//u.to/_ZztFA;1553010786183
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: M&T Bank (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onselectstart
object | onselectionchange
function | queueMicrotask
function | savepage_PageLoader
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- counter.yadro.ru
- gncomercial.com
- mc.yandex.ru
- u.to
- counter.yadro.ru
- 166.78.126.82
- 177.70.22.146
- 195.216.243.155
- 2a02:6b8::1:119