uniclass2.webredirect.org Open in urlscan Pro
188.225.73.142 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php
Submission: On October 18 via manual (October 18th 2018, 5:44:18 am UTC) from BR

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 188.225.73.142, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is uniclass2.webredirect.org.

This is the only time uniclass2.webredirect.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Itau (Banking)

Domain & IP information

	IP Address	AS Autonomous System
12	188.225.73.142 188.225.73.142	9123 (TIMEWEB-AS) (TIMEWEB-AS)
1	205.185.208.52 205.185.208.52	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
13	2

12 188.225.73.142 (Russian Federation)

ASN9123 (TIMEWEB-AS, RU)
PTR: uniclass2.webredirect.org

uniclass2.webredirect.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.208.52 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	webredirect.org uniclass2.webredirect.org	194 KB
1	jquery.com code.jquery.com	38 KB
13	2

	Domain	Requested by
12	uniclass2.webredirect.org	uniclass2.webredirect.org code.jquery.com
1	code.jquery.com	uniclass2.webredirect.org
13	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php
Frame ID: E618F8DA3AB8CC6ADC3B8DC74D0081CE
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

13
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

232 kB
Transfer

299 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set chamada.php Show response uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/	754 B 913 B	41ms 41ms	Document text/html	188.225.73.142 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Protocol HTTP/1.1 Server 188.225.73.142 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS uniclass2.webredirect.org Software Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.26 Resource Hash `234433ab7ba7f2f2eda1e671bfe6013aab3a942c1927fb548dbf69874bcf1b2a` Request headers Host uniclass2.webredirect.org Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 18 Oct 2018 05:44:05 GMT Server Apache/2.4.7 (Ubuntu) X-Powered-By PHP/5.5.9-1ubuntu4.26 Set-Cookie PHPSESSID=psk94apsqb00iusc2n2amuh216; path=/ Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Vary Accept-Encoding Content-Encoding gzip Content-Length 446 Keep-Alive timeout=5, max=95 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	jquery-1.9.1.min.js Show response code.jquery.com/	90 KB 38 KB	18ms 6ms	Script application/javascript	205.185.208.52 Highwinds Network...
General Check archive.org Show headers Download Go to Full URL http://code.jquery.com/jquery-1.9.1.min.js Requested by Host: uniclass2.webredirect.org URL: http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Protocol HTTP/1.1 Server 205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US), Reverse DNS vip052.ssl.hwcdn.net Software nginx / Resource Hash `c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4` Request headers Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 18 Oct 2018 05:44:07 GMT Content-Encoding gzip Last-Modified Fri, 24 Oct 2014 00:16:07 GMT Server nginx ETag "54499a47-169d5" Vary Accept-Encoding X-HW 1539841447.dop026.fr8.t,1539841447.cds018.fr8.c Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=315360000, public Connection Keep-Alive Accept-Ranges bytes Content-Length 37959
GET H/1.1	200 OK	script.js Show response uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/js/	5 KB 2 KB	41ms 41ms	Script application/javascript	188.225.73.142 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/js/script.js Requested by Host: uniclass2.webredirect.org URL: http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Protocol HTTP/1.1 Server 188.225.73.142 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS uniclass2.webredirect.org Software Apache/2.4.7 (Ubuntu) / Resource Hash `63310e72ecb87c85c07756eebd250c6e939f972a60a55e176472d05e9b135ee4` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host uniclass2.webredirect.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Cookie PHPSESSID=psk94apsqb00iusc2n2amuh216 Connection keep-alive Cache-Control no-cache Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 18 Oct 2018 05:44:05 GMT Content-Encoding gzip Last-Modified Mon, 01 Aug 2016 20:42:36 GMT Server Apache/2.4.7 (Ubuntu) ETag "1590-53908a3e88700-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 1582
GET H/1.1	200 OK	norm.css uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/css/	5 KB 2 KB	41ms 41ms	Stylesheet text/css	188.225.73.142 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/css/norm.css Requested by Host: uniclass2.webredirect.org URL: http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Protocol HTTP/1.1 Server 188.225.73.142 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS uniclass2.webredirect.org Software Apache/2.4.7 (Ubuntu) / Resource Hash `6a2254469ced28896c6bf89ebd814150c7a4e47710c593993d885e13ced1f76c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host uniclass2.webredirect.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Cookie PHPSESSID=psk94apsqb00iusc2n2amuh216 Connection keep-alive Cache-Control no-cache Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 18 Oct 2018 05:44:05 GMT Content-Encoding gzip Last-Modified Fri, 15 Jul 2016 01:11:18 GMT Server Apache/2.4.7 (Ubuntu) ETag "15a3-537a24bb5f980-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1312
GET H/1.1	200 OK	princ.php Show response uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/	3 KB 2 KB	41ms 40ms	XHR text/html	188.225.73.142 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/princ.php?a=466.3500468967332 Requested by Host: code.jquery.com URL: http://code.jquery.com/jquery-1.9.1.min.js Protocol HTTP/1.1 Server 188.225.73.142 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS uniclass2.webredirect.org Software Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.26 Resource Hash `0ef9c0ab85606535729a59a4b6e40b6055e791d56d6ea623ceda01ff215b112b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host uniclass2.webredirect.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php X-Requested-With XMLHttpRequest Cookie PHPSESSID=psk94apsqb00iusc2n2amuh216 Connection keep-alive Cache-Control no-cache Accept / Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Thu, 18 Oct 2018 05:44:06 GMT Content-Encoding gzip Server Apache/2.4.7 (Ubuntu) X-Powered-By PHP/5.5.9-1ubuntu4.26 Vary Accept-Encoding Content-Type text/html Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 1218 Expires Thu, 19 Nov 1981 08:52:00 GMT
POST H/1.1	200 OK	function.php Show response uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/	82 B 367 B	42ms 40ms	XHR text/html	188.225.73.142 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/function.php?sk=719.0634225116603 Requested by Host: code.jquery.com URL: http://code.jquery.com/jquery-1.9.1.min.js Protocol HTTP/1.1 Server 188.225.73.142 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS uniclass2.webredirect.org Software Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.26 Resource Hash `9c7b1445f05db0225449017ab14542f13e987bfadba3493f6485746bad1c66f5` Request headers Pragma no-cache Origin http://uniclass2.webredirect.org Accept-Encoding gzip, deflate Host uniclass2.webredirect.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Accept / Cache-Control no-cache X-Requested-With XMLHttpRequest Cookie PHPSESSID=psk94apsqb00iusc2n2amuh216 Connection keep-alive Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Content-Length 32 Accept / Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Origin http://uniclass2.webredirect.org X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Thu, 18 Oct 2018 05:44:06 GMT Content-Encoding gzip Server Apache/2.4.7 (Ubuntu) X-Powered-By PHP/5.5.9-1ubuntu4.26 Vary Accept-Encoding Content-Type text/html Connection Keep-Alive Keep-Alive timeout=5, max=93 Content-Length 96
GET H/1.1	200 OK	script.js Show response uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/js/	5 KB 2 KB	41ms 41ms	XHR application/javascript	188.225.73.142 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/js/script.js?_=1539841447694 Requested by Host: code.jquery.com URL: http://code.jquery.com/jquery-1.9.1.min.js Protocol HTTP/1.1 Server 188.225.73.142 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS uniclass2.webredirect.org Software Apache/2.4.7 (Ubuntu) / Resource Hash `63310e72ecb87c85c07756eebd250c6e939f972a60a55e176472d05e9b135ee4` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host uniclass2.webredirect.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php X-Requested-With XMLHttpRequest Cookie PHPSESSID=psk94apsqb00iusc2n2amuh216 Connection keep-alive Cache-Control no-cache Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 18 Oct 2018 05:44:06 GMT Content-Encoding gzip Last-Modified Mon, 01 Aug 2016 20:42:36 GMT Server Apache/2.4.7 (Ubuntu) ETag "1590-53908a3e88700-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 1582
GET H/1.1	200 OK	prg.png uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/img/	77 KB 77 KB	41ms 41ms	Image image/png	188.225.73.142 TIMEWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/img/prg.png Protocol HTTP/1.1 Server 188.225.73.142 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS uniclass2.webredirect.org Software Apache/2.4.7 (Ubuntu) / Resource Hash `7b11dbbe6edc20717b9505228a79627587f71d44004e02971991baefb9e0b5d9` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host uniclass2.webredirect.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Cookie PHPSESSID=psk94apsqb00iusc2n2amuh216 Connection keep-alive Cache-Control no-cache Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 18 Oct 2018 05:44:06 GMT Last-Modified Thu, 05 Dec 2013 13:08:38 GMT Server Apache/2.4.7 (Ubuntu) ETag "13281-4ecc93a53e180" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91 Content-Length 78465
GET H/1.1	200 OK	norm.css uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/css/	5 KB 2 KB	41ms 41ms	Stylesheet text/css	188.225.73.142 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/css/norm.css Requested by Host: code.jquery.com URL: http://code.jquery.com/jquery-1.9.1.min.js Protocol HTTP/1.1 Server 188.225.73.142 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS uniclass2.webredirect.org Software Apache/2.4.7 (Ubuntu) / Resource Hash `6a2254469ced28896c6bf89ebd814150c7a4e47710c593993d885e13ced1f76c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host uniclass2.webredirect.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Cookie PHPSESSID=psk94apsqb00iusc2n2amuh216 Connection keep-alive Cache-Control no-cache Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 18 Oct 2018 05:44:06 GMT Content-Encoding gzip Last-Modified Fri, 15 Jul 2016 01:11:18 GMT Server Apache/2.4.7 (Ubuntu) ETag "15a3-537a24bb5f980-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 1312
GET H/1.1	200 OK	tbb1.jpg uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/img/	49 KB 49 KB	40ms 40ms	Image image/jpeg	188.225.73.142 TIMEWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/img/tbb1.jpg Protocol HTTP/1.1 Server 188.225.73.142 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS uniclass2.webredirect.org Software Apache/2.4.7 (Ubuntu) / Resource Hash `45df1375333905411509ba8c1bdc20f5b29572ad30fbd4fd6408623a8b073d4a` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host uniclass2.webredirect.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Cookie PHPSESSID=psk94apsqb00iusc2n2amuh216 Connection keep-alive Cache-Control no-cache Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 18 Oct 2018 05:44:06 GMT Last-Modified Fri, 15 Jul 2016 01:15:16 GMT Server Apache/2.4.7 (Ubuntu) ETag "c20b-537a259e59100" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 49675
GET H/1.1	200 OK	atribate2.png uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/img/	11 KB 11 KB	41ms 40ms	Image image/png	188.225.73.142 TIMEWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/img/atribate2.png Protocol HTTP/1.1 Server 188.225.73.142 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS uniclass2.webredirect.org Software Apache/2.4.7 (Ubuntu) / Resource Hash `3a84db18f1c76c20689ebd07728273df641cf1b6298d6f424e829e3e842a1af0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host uniclass2.webredirect.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Cookie PHPSESSID=psk94apsqb00iusc2n2amuh216 Connection keep-alive Cache-Control no-cache Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 18 Oct 2018 05:44:06 GMT Last-Modified Sun, 27 Jul 2014 18:22:44 GMT Server Apache/2.4.7 (Ubuntu) ETag "2baa-4ff30e480c500" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 11178
GET H/1.1	200 OK	norm.png uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/img/	47 KB 47 KB	41ms 40ms	Image image/png	188.225.73.142 TIMEWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/img/norm.png Protocol HTTP/1.1 Server 188.225.73.142 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS uniclass2.webredirect.org Software Apache/2.4.7 (Ubuntu) / Resource Hash `6978dea752f77a60fc06b87e0e6474dfa01845259c291640a8f96a0b432e7b55` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host uniclass2.webredirect.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/css/norm.css Cookie PHPSESSID=psk94apsqb00iusc2n2amuh216 Connection keep-alive Cache-Control no-cache Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/css/norm.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 18 Oct 2018 05:44:06 GMT Last-Modified Sun, 27 Jul 2014 18:22:44 GMT Server Apache/2.4.7 (Ubuntu) ETag "badb-4ff30e480c500" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 47835
POST H/1.1	200 OK	function.php Show response uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/	82 B 367 B	41ms 41ms	XHR text/html	188.225.73.142 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/function.php?sk=536.3032748791219 Requested by Host: code.jquery.com URL: http://code.jquery.com/jquery-1.9.1.min.js Protocol HTTP/1.1 Server 188.225.73.142 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS uniclass2.webredirect.org Software Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.26 Resource Hash `9c7b1445f05db0225449017ab14542f13e987bfadba3493f6485746bad1c66f5` Request headers Pragma no-cache Origin http://uniclass2.webredirect.org Accept-Encoding gzip, deflate Host uniclass2.webredirect.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Accept / Cache-Control no-cache X-Requested-With XMLHttpRequest Connection keep-alive Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Content-Length 32 Accept / Referer http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php Origin http://uniclass2.webredirect.org X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Thu, 18 Oct 2018 05:44:10 GMT Content-Encoding gzip Server Apache/2.4.7 (Ubuntu) X-Powered-By PHP/5.5.9-1ubuntu4.26 Vary Accept-Encoding Content-Type text/html Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 96

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Itau (Banking)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			uniclass2.webredirect.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: psk94apsqb00iusc2n2amuh216

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
uniclass2.webredirect.org
188.225.73.142
205.185.208.52
0ef9c0ab85606535729a59a4b6e40b6055e791d56d6ea623ceda01ff215b112b
234433ab7ba7f2f2eda1e671bfe6013aab3a942c1927fb548dbf69874bcf1b2a
3a84db18f1c76c20689ebd07728273df641cf1b6298d6f424e829e3e842a1af0
45df1375333905411509ba8c1bdc20f5b29572ad30fbd4fd6408623a8b073d4a
63310e72ecb87c85c07756eebd250c6e939f972a60a55e176472d05e9b135ee4
6978dea752f77a60fc06b87e0e6474dfa01845259c291640a8f96a0b432e7b55
6a2254469ced28896c6bf89ebd814150c7a4e47710c593993d885e13ced1f76c
7b11dbbe6edc20717b9505228a79627587f71d44004e02971991baefb9e0b5d9
9c7b1445f05db0225449017ab14542f13e987bfadba3493f6485746bad1c66f5
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

uniclass2.webredirect.org Open in urlscan Pro 188.225.73.142 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

13 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

232 kBTransfer

299 kBSize

1 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

1 Cookies

Indicators

uniclass2.webredirect.org Open in urlscan Pro
188.225.73.142 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

232 kB
Transfer

299 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!