smiles.itau.com.br.cs68730.tmweb.ru
92.53.96.2
Malicious Activity!
Public Scan
Effective URL: http://smiles.itau.com.br.cs68730.tmweb.ru/?=resgate-smiles=4hskf63gsd3232d32d32332rdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43
Submission: On August 26 via manual from BR
Summary
This is the only time smiles.itau.com.br.cs68730.tmweb.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Itau (Banking)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 108.167.171.37 | 20013 (CYRUSONE - CyrusOne LLC)
14 | 92.53.96.2 | 9123 (TIMEWEB-AS)
1 (1 redirect) | 163.172.21.228 | 12876 (AS12876)
1 | 2a00:1450:4001:819::200e | 15169 (GOOGLE - Google LLC)
16 | 3 |
- ASN20013 (CYRUSONE - CyrusOne LLC, US): www.projetosinfoplus.com.br
- ASN9123 (TIMEWEB-AS, RU), PTR: vh134.timeweb.ru: smiles.itau.com.br.cs68730.tmweb.ru
- ASN12876 (AS12876, FR), PTR: 163-172-21-228.rev.poneytelecom.eu: lnk.direct
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | tmweb.ru | smiles.itau.com.br.cs68730.tmweb.ru | 39 KB
1 | youtube.com | www.youtube.com |
1 | lnk.direct (1 redirects) | lnk.direct | 458 B
1 | projetosinfoplus.com.br | www.projetosinfoplus.com.br | 475 B
16 | 4 | |
Requests | Domain | Requested by
---|---|---
14 | smiles.itau.com.br.cs68730.tmweb.ru | smiles.itau.com.br.cs68730.tmweb.ru
1 | www.youtube.com | smiles.itau.com.br.cs68730.tmweb.ru
1 | lnk.direct | 1 redirects
1 | www.projetosinfoplus.com.br |
16 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
*.google.com | Google Internet Authority G3 | 2018-08-07 - 2018-10-16 | 2 months (crt.sh)
This page contains 2 frames:
- Primary Page: http://smiles.itau.com.br.cs68730.tmweb.ru/?=resgate-smiles=4hskf63gsd3232d32d32332rdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43 (Frame ID: B5033BEDAEC0E790707A6F8814173229; 15 HTTP requests in this frame)
- Frame: https://www.youtube.com/embed/Sp2APD1Vhhk (Frame ID: 3D57CE34FB02A07C8AEBAE983EC116A9; 1 HTTP request in this frame)
Detected technologies
- Nginx (Web Servers)
  Detected patterns: headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.projetosinfoplus.com.br/AAB58995.htm Page URL
- http://smiles.itau.com.br.cs68730.tmweb.ru/?=resgate-smiles=4hskf63gsd3232d32d32332rdr23fr23342f34y4tvc563fgdvdcstghn6345sfvhj45uj56i6h456fg43 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14
- http://lnk.direct/7wpY HTTP 301
- https://www.youtube.com/embed/Sp2APD1Vhhk
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | AAB58995.htm | www.projetosinfoplus.com.br/ | 262 B | 475 B | Document | text/html
GET | H/1.1 | / (Primary Request) | smiles.itau.com.br.cs68730.tmweb.ru/ | 3 KB | 1 KB | Document | text/html
GET | H/1.1 | RGDD.js | smiles.itau.com.br.cs68730.tmweb.ru/ | 4 KB | 2 KB | Script | application/x-javascript
GET | H/1.1 | RGDD6.png | smiles.itau.com.br.cs68730.tmweb.ru/RGDD/ | 24 KB | 24 KB | Image | image/png
GET | H/1.1 | RGDD14.png | smiles.itau.com.br.cs68730.tmweb.ru/RGDD/ | 774 B | 1 KB | Image | image/png
GET | H/1.1 | RGDD8.png | smiles.itau.com.br.cs68730.tmweb.ru/RGDD/ | 686 B | 996 B | Image | image/png
GET | H/1.1 | RGDD9.png | smiles.itau.com.br.cs68730.tmweb.ru/RGDD/ | 338 B | 648 B | Image | image/png
GET | H/1.1 | RGDD2.png | smiles.itau.com.br.cs68730.tmweb.ru/RGDD/ | 370 B | 680 B | Image | image/png
GET | H/1.1 | RGDD10.png | smiles.itau.com.br.cs68730.tmweb.ru/RGDD/ | 579 B | 889 B | Image | image/png
GET | H/1.1 | RGDD5.png | smiles.itau.com.br.cs68730.tmweb.ru/RGDD/ | 766 B | 1 KB | Image | image/png
GET | H/1.1 | RGDD11.png | smiles.itau.com.br.cs68730.tmweb.ru/RGDD/ | 529 B | 839 B | Image | image/png
GET | H/1.1 | RGDD13.png | smiles.itau.com.br.cs68730.tmweb.ru/RGDD/ | 515 B | 825 B | Image | image/png
GET | H/1.1 | RGDD3.png | smiles.itau.com.br.cs68730.tmweb.ru/RGDD/ | 392 B | 702 B | Image | image/png
GET | H/1.1 | RGDD1.png | smiles.itau.com.br.cs68730.tmweb.ru/RGDD/ | 816 B | 1 KB | Image | image/png
GET | H/1.1 | RGDD15.png | smiles.itau.com.br.cs68730.tmweb.ru/RGDD/ | 3 KB | 3 KB | Image | image/png
GET | H2 | Sp2APD1Vhhk (Frame 3D57, Redirect Chain) | www.youtube.com/embed/ | 0 | 0 | Document | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Itau (Banking)

7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function RGDD_RGDD3
- function RGDDMutuario
- function execRGDD
- function cpfCnpj
- function validar
- function validaCPF
- function validaCNPJ

4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.youtube.com/ | | PREF | f1=50000000
.youtube.com/ | | GPS | 1
.youtube.com/ | | YSC | ZyahC1A9lT8
.youtube.com/ | | VISITOR_INFO1_LIVE | O5iWE0mF0XY
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
lnk.direct
smiles.itau.com.br.cs68730.tmweb.ru
www.projetosinfoplus.com.br
www.youtube.com
108.167.171.37
163.172.21.228
2a00:1450:4001:819::200e
92.53.96.2