valtec.kz
91.201.214.109
Malicious Activity!
Public Scan
Effective URL: http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Alm...
Submission: On September 21 via manual from BR
Summary
This is the only time valtec.kz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco do Brasil (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
1 | 135.196.187.194 | 8190 (MDNX - MDNX Internet Limited)
10 (1 redirect) | 91.201.214.109 | 48716 (PS)
1 | 185.59.220.12 | 60068 (CDN77)
11 | 3 |
ASN8190 (MDNX - MDNX Internet Limited, GB)
- www.rossconsular.com

ASN60068 (CDN77, GB)
PTR: frankfurt-10.cdn77.com
- rec.getsmartlook.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 (1 redirects) | valtec.kz | valtec.kz | 114 KB
1 | getsmartlook.com | rec.getsmartlook.com | 10 KB
1 | rossconsular.com | www.rossconsular.com | 556 B
11 | 3 | |
Requests | Domain | Requested by
---|---|---
10 (1 redirects) | valtec.kz | valtec.kz
1 | rec.getsmartlook.com | valtec.kz
1 | www.rossconsular.com |
11 | 3 |
This site contains no links.
This page contains 1 frames:
Primary Page:
http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi
Frame ID: 8D5EBE71FE7742EA02640D215E5DABE4
Requests: 11 HTTP requests in this frame
Detected technologies
Windows Server
Detected patterns
- headers server /Win32|Win64/i
OpenSSL
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.rossconsular.com/secure/_sinclude/captcha_code/auto/ Page URL
- http://valtec.kz/Portal/bb.com.br/AutoAtendimento/?/253918/959927.html HTTP 302
  http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/ Page URL
- http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/iHomeS.php?1420.am20.2018-09-21T10:14:20+06:00201899Asia/Almaty2018-09-21T10:14:20+06:0030p2018Fri,%2021%20Sep%202018%2010:14:20%20+060030/2114v.1420.avi Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- http://valtec.kz/Portal/bb.com.br/AutoAtendimento/?/253918/959927.html HTTP 302
- http://valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/
11 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---
GET H/1.1 | | www.rossconsular.com/secure/_sinclude/captcha_code/auto/ | 114 B | 556 B | Document | text/html |
GET H/1.1 | / | valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/ | 467 B | 558 B | Document | text/html | Redirect Chain
POST H/1.1 | iHomeS.php | valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/ | 5 KB | 2 KB | Document | text/html | Primary Request
GET H/1.1 | style.css | valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/css/ | 2 KB | 990 B | Stylesheet | text/css |
GET H/1.1 | bottom.png | valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/ | 1 KB | 2 KB | Image | image/png |
GET H/1.1 | bottom2.png | valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/ | 1 KB | 2 KB | Image | image/png |
GET H/1.1 | recorder.js | rec.getsmartlook.com/ | 30 KB | 10 KB | Script | application/javascript |
GET H/1.1 | img1.jpg | valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/ | 16 KB | 17 KB | Image | image/jpeg |
GET H/1.1 | busca.png | valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/ | 1 KB | 1 KB | Image | image/png |
GET H/1.1 | home.jpg | valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/ | 86 KB | 86 KB | Image | image/jpeg |
GET H/1.1 | top_titulo.png | valtec.kz/Portal/bb.com.br/AutoAtendimento/bb/images/ | 2 KB | 3 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco do Brasil (Banking)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function | smartlook
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.