uniclass2.webredirect.org
188.225.73.142
Malicious Activity!
Public Scan
Submission: On October 18 via manual from BR
Summary
This is the only time uniclass2.webredirect.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Itau (Banking)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) | PTR | Domains |
|---|---|---|---|---|
| 12 | 188.225.73.142 | ASN9123 (TIMEWEB-AS, RU) | uniclass2.webredirect.org | uniclass2.webredirect.org |
| 1 | 205.185.208.52 | ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US) | vip052.ssl.hwcdn.net | code.jquery.com |
| 13 (total) | 2 (total) | | | |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 12 | webredirect.org | uniclass2.webredirect.org | 194 KB |
| 1 | jquery.com | code.jquery.com | 38 KB |
| 13 (total) | 2 (total) | | |
| Requests | Domain | Requested by |
|---|---|---|
| 12 | uniclass2.webredirect.org | uniclass2.webredirect.org, code.jquery.com |
| 1 | code.jquery.com | uniclass2.webredirect.org |
| 13 (total) | 2 (total) | |
This site contains no links.
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
This page contains 1 frames:
Primary Page:
http://uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/chamada.php
Frame ID: E618F8DA3AB8CC6ADC3B8DC74D0081CE
Requests: 13 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Ubuntu (Operating Systems)
Detected patterns
- headers server /Ubuntu/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H/1.1 | chamada.php | uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/ | 754 B | 913 B | Document | text/html | Primary Request; Cookie set |
| GET | H/1.1 | jquery-1.9.1.min.js | code.jquery.com/ | 90 KB | 38 KB | Script | application/javascript | |
| GET | H/1.1 | script.js | uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/js/ | 5 KB | 2 KB | Script | application/javascript | |
| GET | H/1.1 | norm.css | uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/css/ | 5 KB | 2 KB | Stylesheet | text/css | |
| GET | H/1.1 | princ.php | uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/ | 3 KB | 2 KB | XHR | text/html | |
| POST | H/1.1 | function.php | uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/ | 82 B | 367 B | XHR | text/html | |
| GET | H/1.1 | script.js | uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/js/ | 5 KB | 2 KB | XHR | application/javascript | |
| GET | H/1.1 | prg.png | uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/img/ | 77 KB | 77 KB | Image | image/png | |
| GET | H/1.1 | norm.css | uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/css/ | 5 KB | 2 KB | Stylesheet | text/css | |
| GET | H/1.1 | tbb1.jpg | uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/img/ | 49 KB | 49 KB | Image | image/jpeg | |
| GET | H/1.1 | atribate2.png | uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/img/ | 11 KB | 11 KB | Image | image/png | |
| GET | H/1.1 | norm.png | uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/img/ | 47 KB | 47 KB | Image | image/png | |
| POST | H/1.1 | function.php | uniclass2.webredirect.org/I-T-A-U-APP/prosseguir.php/atendimento/ | 82 B | 367 B | XHR | text/html | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Itau (Banking)
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function: $
- function: jQuery
- function: imgsenhaclick
- function: post
- function: Formata
- function: FormataNasci
- function: SomenteNumero
- function: get
- function: nomeClick
- function: ValidaForm
- function: validas6
- function: getprinc
- string: STATUS
- string: msgold
- number: a1
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| uniclass2.webredirect.org/ | | Name: PHPSESSID Value: psk94apsqb00iusc2n2amuh216 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
uniclass2.webredirect.org
188.225.73.142
205.185.208.52