valtec.kz Open in urlscan Pro
91.201.214.109 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.rossconsular.com/secure/_sinclude/captcha_code/auto/
Effective URL:
http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Alm...
Submission: On September 21 via manual (September 21st 2018, 4:14:30 am UTC) from BR

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 11 HTTP transactions. The main IP is 91.201.214.109, located in Almaty, Kazakhstan and belongs to PS, KZ. The main domain is valtec.kz.

This is the only time valtec.kz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco do Brasil (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	135.196.187.194 135.196.187.194	8190 (MDNX) (MDNX - MDNX Internet Limited)
1 10	91.201.214.109 91.201.214.109	48716 (PS) (PS)
1	185.59.220.12 185.59.220.12	60068 (CDN77) (CDN77)
11	3

1 135.196.187.194 (Burnley, United Kingdom)

ASN8190 (MDNX - MDNX Internet Limited, GB)

www.rossconsular.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 91.201.214.109 (Almaty, Kazakhstan) 1 redirects

ASN48716 (PS, KZ)
PTR: fasol.kz

valtec.kz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.59.220.12 (Frankfurt, Germany)

ASN60068 (CDN77, GB)
PTR: frankfurt-10.cdn77.com

rec.getsmartlook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	valtec.kz 1 redirects valtec.kz	114 KB
1	getsmartlook.com rec.getsmartlook.com	10 KB
1	rossconsular.com www.rossconsular.com	556 B
11	3

	Domain	Requested by
10	valtec.kz	1 redirects valtec.kz
1	rec.getsmartlook.com	valtec.kz
1	www.rossconsular.com
11	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi
Frame ID: 8D5EBE71FE7742EA02640D215E5DABE4
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.rossconsular.com/secure/_sinclude/captcha_code/auto/ Page URL
http://valtec.kz/Portal/bb.com.br/AutoAtendimento/?/253918/959927.html HTTP 302
http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/ Page URL
http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20... Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Win32|Win64/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

124 kB
Transfer

146 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.rossconsular.com/secure/_sinclude/captcha_code/auto/ Page URL
http://valtec.kz/Portal/bb.com.br/AutoAtendimento/?/253918/959927.html HTTP 302
http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/ Page URL
http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://valtec.kz/Portal/bb.com.br/AutoAtendimento/?/253918/959927.html HTTP 302
http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Cookie set / Show response www.rossconsular.com/secure/_sinclude/captcha_code/auto/	114 B 556 B	88ms 63ms	Document text/html	135.196.187.194 MDNX Internet Lim...
General Check archive.org Show headers Download Go to Full URL http://www.rossconsular.com/secure/_sinclude/captcha_code/auto/ Protocol HTTP/1.1 Server 135.196.187.194 Burnley, United Kingdom, ASN8190 (MDNX - MDNX Internet Limited, GB), Reverse DNS Software Apache/2.4.18 (Win32) OpenSSL/1.0.2g / PHP/5.2.4 Resource Hash `258018e7a27ae69839184d3cc63f5dc52b3a08aac4130b71cc384db6f9b5e02f` Request headers Host www.rossconsular.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 21 Sep 2018 12:23:18 GMT Server Apache/2.4.18 (Win32) OpenSSL/1.0.2g X-Powered-By PHP/5.2.4 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Set-Cookie PHPSESSID=4h03kmghfkt4ontaechn3908a6; path=/ Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html
GET H/1.1	200 OK	/ Show response valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/ Redirect Chain http://valtec.kz/Portal/bb.com.br/AutoAtendimento/?/253918/959927.html http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/	467 B 558 B	96ms 96ms	Document text/html	91.201.214.109 PS
General Check archive.org Show headers Download Go to Full URL http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/ Protocol HTTP/1.1 Server 91.201.214.109 Almaty, Kazakhstan, ASN48716 (PS, KZ), Reverse DNS fasol.kz Software nginx/1.12.2 / PHP/5.5.38 Resource Hash `16f7e2a0d76996dae65b0c8153dacc65176d0836d6d947bb1012de026a99f254` Request headers Host valtec.kz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://www.rossconsular.com/secure/_sinclude/captcha_code/auto/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://www.rossconsular.com/secure/_sinclude/captcha_code/auto/ Response headers Server nginx/1.12.2 Date Fri, 21 Sep 2018 04:14:20 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive X-Powered-By PHP/5.5.38 Content-Encoding gzip Redirect headers Server nginx/1.12.2 Date Fri, 21 Sep 2018 04:14:20 GMT Content-Type text/html; charset=UTF-8 Content-Length 0 Connection keep-alive X-Powered-By PHP/5.5.38 Location bb/
POST H/1.1	200 OK	Primary Request iHomeS.php Show response valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/	5 KB 2 KB	96ms 95ms	Document text/html	91.201.214.109 PS
General Check archive.org Show headers Download Go to Full URL http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Requested by Host: valtec.kz URL: http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/ Protocol HTTP/1.1 Server 91.201.214.109 Almaty, Kazakhstan, ASN48716 (PS, KZ), Reverse DNS fasol.kz Software nginx/1.12.2 / PHP/5.5.38 Resource Hash `3852df04c4df0f66c29b680360e3ca84b58ee8143dc7cf7d72602ccb369fe4b6` Request headers Host valtec.kz Connection keep-alive Content-Length 0 Pragma no-cache Cache-Control no-cache Origin http://valtec.kz Upgrade-Insecure-Requests 1 Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/ Accept-Encoding gzip, deflate Origin http://valtec.kz Upgrade-Insecure-Requests 1 Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/ Response headers Server nginx/1.12.2 Date Fri, 21 Sep 2018 04:14:20 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive X-Powered-By PHP/5.5.38 Content-Encoding gzip
GET H/1.1	200 OK	style.css valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/css/	2 KB 990 B	92ms 91ms	Stylesheet text/css	91.201.214.109 PS
General Check archive.org Show headers Download Go to Full URL http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/css/style.css Requested by Host: valtec.kz URL: http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Protocol HTTP/1.1 Server 91.201.214.109 Almaty, Kazakhstan, ASN48716 (PS, KZ), Reverse DNS fasol.kz Software nginx/1.12.2 / Resource Hash `ca3ed315470e96159a56eb956216c0ff1f85f8c8994d6c9c941efc639aeb9932` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host valtec.kz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Connection keep-alive Cache-Control no-cache Referer http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 21 Sep 2018 04:14:20 GMT Content-Encoding gzip Last-Modified Tue, 31 May 2016 04:27:34 GMT Server nginx/1.12.2 ETag W/"574d12b6-801" Transfer-Encoding chunked Content-Type text/css Cache-Control max-age=1209600 Connection keep-alive Expires Fri, 05 Oct 2018 04:14:20 GMT
GET H/1.1	200 OK	bottom.png valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/	1 KB 2 KB	183ms 91ms	Image image/png	91.201.214.109 PS
General Check archive.org Show headers Download Go to Show image Full URL http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/bottom.png Requested by Host: valtec.kz URL: http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Protocol HTTP/1.1 Server 91.201.214.109 Almaty, Kazakhstan, ASN48716 (PS, KZ), Reverse DNS fasol.kz Software nginx/1.12.2 / Resource Hash `3c4acc2fb90269458afd1cf4a14b442bc2fe03d1ef66092c2beb43ef821cf025` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host valtec.kz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Connection keep-alive Cache-Control no-cache Referer http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 21 Sep 2018 04:14:20 GMT Last-Modified Thu, 05 May 2016 06:01:18 GMT Server nginx/1.12.2 ETag "572ae1ae-55b" Content-Type image/png Cache-Control max-age=1209600 Connection keep-alive Accept-Ranges bytes Content-Length 1371 Expires Fri, 05 Oct 2018 04:14:20 GMT
GET H/1.1	200 OK	bottom2.png valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/	1 KB 2 KB	184ms 92ms	Image image/png	91.201.214.109 PS
General Check archive.org Show headers Download Go to Show image Full URL http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/bottom2.png Requested by Host: valtec.kz URL: http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Protocol HTTP/1.1 Server 91.201.214.109 Almaty, Kazakhstan, ASN48716 (PS, KZ), Reverse DNS fasol.kz Software nginx/1.12.2 / Resource Hash `59340dc4d0186662806a3f993c5efccae099a5119b50aa5ddd143e3b2538d087` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host valtec.kz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Connection keep-alive Cache-Control no-cache Referer http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 21 Sep 2018 04:14:20 GMT Last-Modified Thu, 05 May 2016 06:27:40 GMT Server nginx/1.12.2 ETag "572ae7dc-5bd" Content-Type image/png Cache-Control max-age=1209600 Connection keep-alive Accept-Ranges bytes Content-Length 1469 Expires Fri, 05 Oct 2018 04:14:20 GMT
GET H/1.1	200 OK	recorder.js Show response rec.getsmartlook.com/	30 KB 10 KB	32ms 7ms	Script application/javascript	185.59.220.12 CDN77
General Check archive.org Show headers Download Go to Full URL http://rec.getsmartlook.com/recorder.js Requested by Host: valtec.kz URL: http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Protocol HTTP/1.1 Server 185.59.220.12 Frankfurt, Germany, ASN60068 (CDN77, GB), Reverse DNS frankfurt-10.cdn77.com Software CDN77-Turbo / Resource Hash `c9436cdb0f09c43087bf3980e44634787df3af178d3c838f51a3bf0ae56797e3` Request headers Referer http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 21 Sep 2018 04:14:20 GMT Content-Encoding gzip X-Edge-Location frankfurtDE Transfer-Encoding chunked X-Cache HIT Connection keep-alive Last-Modified Mon, 10 Sep 2018 10:12:32 GMT Server CDN77-Turbo ETag W/"5b964390-7879" Vary Accept-Encoding Access-Control-Allow-Methods GET, OPTIONS Content-Type application/javascript Access-Control-Allow-Origin * Cache-Control max-age=300, public X-Edge-IP 185.59.220.10 X-Age 101 Expires Mon, 10 Sep 2018 10:18:45 GMT
GET H/1.1	200 OK	img1.jpg valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/	16 KB 17 KB	92ms 92ms	Image image/jpeg	91.201.214.109 PS
General Check archive.org Show headers Download Go to Show image Full URL http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/img1.jpg Requested by Host: valtec.kz URL: http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Protocol HTTP/1.1 Server 91.201.214.109 Almaty, Kazakhstan, ASN48716 (PS, KZ), Reverse DNS fasol.kz Software nginx/1.12.2 / Resource Hash `9284612ed87a2a3deb69f6b6aa48dfdd54a372e8bb553a1f461430147238f2f2` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host valtec.kz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Connection keep-alive Cache-Control no-cache Referer http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 21 Sep 2018 04:14:20 GMT Last-Modified Thu, 05 May 2016 06:33:22 GMT Server nginx/1.12.2 ETag "572ae932-41e1" Content-Type image/jpeg Cache-Control max-age=1209600 Connection keep-alive Accept-Ranges bytes Content-Length 16865 Expires Fri, 05 Oct 2018 04:14:20 GMT
GET H/1.1	200 OK	busca.png valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/	1 KB 1 KB	180ms 91ms	Image image/png	91.201.214.109 PS
General Check archive.org Show headers Download Go to Show image Full URL http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/busca.png Requested by Host: valtec.kz URL: http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Protocol HTTP/1.1 Server 91.201.214.109 Almaty, Kazakhstan, ASN48716 (PS, KZ), Reverse DNS fasol.kz Software nginx/1.12.2 / Resource Hash `8eca80c2f68b96a024943b1cbb2f0cf7e7427971ae8fdb8df5c65529821eb5ae` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host valtec.kz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/css/style.css Connection keep-alive Cache-Control no-cache Referer http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/css/style.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 21 Sep 2018 04:14:20 GMT Last-Modified Thu, 05 May 2016 05:07:46 GMT Server nginx/1.12.2 ETag "572ad522-44c" Content-Type image/png Cache-Control max-age=1209600 Connection keep-alive Accept-Ranges bytes Content-Length 1100 Expires Fri, 05 Oct 2018 04:14:20 GMT
GET H/1.1	200 OK	home.jpg valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/	86 KB 86 KB	181ms 92ms	Image image/jpeg	91.201.214.109 PS
General Check archive.org Show headers Download Go to Show image Full URL http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/home.jpg Requested by Host: valtec.kz URL: http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Protocol HTTP/1.1 Server 91.201.214.109 Almaty, Kazakhstan, ASN48716 (PS, KZ), Reverse DNS fasol.kz Software nginx/1.12.2 / Resource Hash `58ba1c78b99d0a95a101bf79bd545d251192efb485f7e593fcb479a2451d0a96` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host valtec.kz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/css/style.css Connection keep-alive Cache-Control no-cache Referer http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/css/style.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 21 Sep 2018 04:14:20 GMT Last-Modified Thu, 05 May 2016 04:28:56 GMT Server nginx/1.12.2 ETag "572acc08-156ad" Content-Type image/jpeg Cache-Control max-age=1209600 Connection keep-alive Accept-Ranges bytes Content-Length 87725 Expires Fri, 05 Oct 2018 04:14:20 GMT
GET H/1.1	200 OK	top_titulo.png valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/	2 KB 3 KB	182ms 91ms	Image image/png	91.201.214.109 PS
General Check archive.org Show headers Download Go to Show image Full URL http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/top_titulo.png Requested by Host: valtec.kz URL: http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Protocol HTTP/1.1 Server 91.201.214.109 Almaty, Kazakhstan, ASN48716 (PS, KZ), Reverse DNS fasol.kz Software nginx/1.12.2 / Resource Hash `2ba433d7089454dd9a6a8898e81c71712d153e3f1d8111cd9cadafd521690bbf` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host valtec.kz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/css/style.css Connection keep-alive Cache-Control no-cache Referer http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/css/style.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 21 Sep 2018 04:14:20 GMT Last-Modified Thu, 05 May 2016 05:49:46 GMT Server nginx/1.12.2 ETag "572adefa-9c2" Content-Type image/png Cache-Control max-age=1209600 Connection keep-alive Accept-Ranges bytes Content-Length 2498 Expires Fri, 05 Oct 2018 04:14:20 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco do Brasil (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| smartlook

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

rec.getsmartlook.com
valtec.kz
www.rossconsular.com
135.196.187.194
185.59.220.12
91.201.214.109
16f7e2a0d76996dae65b0c8153dacc65176d0836d6d947bb1012de026a99f254
258018e7a27ae69839184d3cc63f5dc52b3a08aac4130b71cc384db6f9b5e02f
2ba433d7089454dd9a6a8898e81c71712d153e3f1d8111cd9cadafd521690bbf
3852df04c4df0f66c29b680360e3ca84b58ee8143dc7cf7d72602ccb369fe4b6
3c4acc2fb90269458afd1cf4a14b442bc2fe03d1ef66092c2beb43ef821cf025
58ba1c78b99d0a95a101bf79bd545d251192efb485f7e593fcb479a2451d0a96
59340dc4d0186662806a3f993c5efccae099a5119b50aa5ddd143e3b2538d087
8eca80c2f68b96a024943b1cbb2f0cf7e7427971ae8fdb8df5c65529821eb5ae
9284612ed87a2a3deb69f6b6aa48dfdd54a372e8bb553a1f461430147238f2f2
c9436cdb0f09c43087bf3980e44634787df3af178d3c838f51a3bf0ae56797e3
ca3ed315470e96159a56eb956216c0ff1f85f8c8994d6c9c941efc639aeb9932

valtec.kz Open in urlscan Pro 91.201.214.109 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

124 kBTransfer

146 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

valtec.kz Open in urlscan Pro
91.201.214.109 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

124 kB
Transfer

146 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!