ltauactive.online Open in urlscan Pro
104.21.6.187 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ltauactive.online/
Submission Tags: tweet @coolcarlos17 #phishing #scam #golpe #itau Search All
Submission: On December 23 via api (December 23rd 2022, 5:51:01 pm UTC) from FI — Scanned from FI

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 15 HTTP transactions. The main IP is 104.21.6.187, located in and belongs to CLOUDFLARENET, US. The main domain is ltauactive.online.
TLS certificate: Issued by E1 on December 23rd 2022. Valid for: 3 months.

This is the only time ltauactive.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Itau (Banking)

Domain & IP information

	IP Address		AS Autonomous System
15	104.21.6.187 104.21.6.187		13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	1

15 104.21.6.187 (None, )

ASN13335 (CLOUDFLARENET, US)

ltauactive.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	ltauactive.online ltauactive.online	333 KB
15	1

	Domain	Requested by
15	ltauactive.online	ltauactive.online
15	1

This site contains no links.

Subject Issuer	Validity	Valid
*.ltauactive.online E1	`2022-12-23` - `2023-03-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ltauactive.online/
Frame ID: F3DE5A63EB30E7767FE52123D23EA37E
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

333 kB
Transfer

392 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response ltauactive.online/	3 KB 1 KB	808ms 288ms	Document text/html	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ltauactive.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.1.10 Resource Hash `2c4cc601c8a65ef677273f932e1f52330de7b5fd8e7768ba8a2a754b7a96ac66` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 77e2f13f2fa2b34d-PRG content-encoding br content-type text/html; charset=UTF-8 date Fri, 23 Dec 2022 17:50:55 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kwdCwTlDYoSmXLEITlcK07szNuelrba1a26kL85xpsfHcHN%2FHd2LH%2B3UI%2B9ceHnDlDriSloJNn1E98bGAtYsdQXddO3b376NKj9jsK8dLwTGGq9nJgQbDlFVDmQhwaOHJ22Biw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.1.10
GET H2	200	style.home.css ltauactive.online/assets/css/	4 KB 1 KB	178ms 176ms	Stylesheet text/css	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ltauactive.online/assets/css/style.home.css?xx1671817855 Requested by Host: ltauactive.online URL: https://ltauactive.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d216837f5436b12b3b17423dd06e646dc779792272f4e97de5d7d62a2457e60f` Request headers accept-language fi-FI,fi;q=0.9 Referer https://ltauactive.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 23 Dec 2022 17:50:56 GMT content-encoding br cf-cache-status MISS last-modified Mon, 15 Aug 2022 01:17:48 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"10ab-5e63d665e5d3d" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=66ZVWrLW%2FTeMMFgKa%2BuoN7%2BEOR9wfn%2FokwzcBEThfKZOxYSNTK75RfiVAeIpzEU62Nmv36keU%2FdCm3Nb%2FuaTyJMx1Zq3Pfz8Osc1tR3idwDxOl1tuZvZ7346TP92%2BBAvzKcW4Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 77e2f140faa8b34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	jquery-3.2.1.min.js Show response ltauactive.online/js/	85 KB 31 KB	289ms 288ms	Script application/javascript	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ltauactive.online/js/jquery-3.2.1.min.js?xx1671817855 Requested by Host: ltauactive.online URL: https://ltauactive.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de` Request headers accept-language fi-FI,fi;q=0.9 Referer https://ltauactive.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 23 Dec 2022 17:50:56 GMT content-encoding br cf-cache-status MISS last-modified Sun, 29 Oct 2017 21:22:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"15283-55cb61ee9df00" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rJFzkd3tsDNoJgtV1c79rSUL5uSTTJjhPzfaclU3ziAamJ25FwElKZ0l%2BQMaabt4kd%2FQ0B1%2BgqwbYX8N2SaSeSYszhZUmD4uk%2F7Vz%2BURndAs1H9aqVR1rxH%2FFfcqs7uQvqkF%2FA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 77e2f140faa9b34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	jquery.mask.min.js Show response ltauactive.online/js/	5 KB 2 KB	182ms 181ms	Script application/javascript	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ltauactive.online/js/jquery.mask.min.js?xx1671817855 Requested by Host: ltauactive.online URL: https://ltauactive.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f830833b6661d5fb63e23d3d245e91edc7c52aa547ca19eca7c91c7570483975` Request headers accept-language fi-FI,fi;q=0.9 Referer https://ltauactive.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 23 Dec 2022 17:50:56 GMT content-encoding br cf-cache-status MISS last-modified Wed, 10 Sep 2014 20:31:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"12fc-502bbf01b1580" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tNEg5NrsYB%2F5VoIMm5OOdwgqg75PZI1YoYY7alHAwECfRQufNRKo5FYzQRGAx1UA8AeK%2B5IJfOPgPR7rLCejr8WROQf9LWka85WGFoZOtG2L8eU8arBSnCHiY%2BsC29X7iFf7mg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 77e2f140faaab34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	the.home.js Show response ltauactive.online/js/	4 KB 2 KB	179ms 179ms	Script application/javascript	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ltauactive.online/js/the.home.js?xx1671817855 Requested by Host: ltauactive.online URL: https://ltauactive.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `aeac882b2de83fff332c64878adb35665f471da6d41be31a0e313c470f720020` Request headers accept-language fi-FI,fi;q=0.9 Referer https://ltauactive.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 23 Dec 2022 17:50:56 GMT content-encoding br cf-cache-status MISS last-modified Wed, 17 Aug 2022 15:23:53 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"11cc-5e67173e474a9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xGFYDYzGKfot9KLBqCbhnzX82IY3ykscxYg1LwwPh2EfOwJwiNqrWb6PZ6jpgxGd3xuJolSmRlL5QDMDwpjxa1EU5rrqd0LoA06z5EVWmEPYaFKVKBNyudWMvy8JEo0yVe73bA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 77e2f140faabb34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	logo-login.png ltauactive.online/assets/images/	13 KB 13 KB	181ms 180ms	Image image/png	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ltauactive.online/assets/images/logo-login.png Requested by Host: ltauactive.online URL: https://ltauactive.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `592f54c70b204a4c902513aa35e407836658c856a332066b07a24f66327ac440` Request headers accept-language fi-FI,fi;q=0.9 Referer https://ltauactive.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 23 Dec 2022 17:50:56 GMT cf-cache-status MISS last-modified Sun, 14 Aug 2022 19:01:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "3239-5e638263c2a07" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xzej44rFJmFMtUqY7Qj%2FNwjR90W3JRWhCfgoC9KQnASxtqouWkUaufyV863ZxJttPVbDkxg6e7cvjfjDFj9XwIi5SxOBDbQ0hZQBLVowxbOqHbX7zesXOP3KD%2FV%2F5QADWNjQaA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 77e2f1422cb4b34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 12857
GET H2	200	buttongiro.gif ltauactive.online/assets/images/	91 KB 91 KB	482ms 481ms	Image image/gif	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ltauactive.online/assets/images/buttongiro.gif Requested by Host: ltauactive.online URL: https://ltauactive.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `53f9e0db76a9435f27ddbae8ae87f909716ba52a1b60de9f92267f710d81dca8` Request headers accept-language fi-FI,fi;q=0.9 Referer https://ltauactive.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 23 Dec 2022 17:50:56 GMT cf-cache-status MISS last-modified Sun, 14 Aug 2022 20:06:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "16aca-5e6390eac872a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lfQlf4HQhs3%2FFewza%2B%2F8XfzzDlFt7LzuWSlmTKMsFTmo94byvLXxUuhBs0%2BM9cDjFITKIHLTVmgQa6ijCdw8h2tegqRpnBu2N67MuMNygFJQv%2BD7lWTl1wuOZm6ADSelD1TESg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 accept-ranges bytes cf-ray 77e2f142ee0ab34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 92874
GET H2	200	ic_contact_card.png ltauactive.online/assets/images/	503 B 879 B	445ms 444ms	Image image/png	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ltauactive.online/assets/images/ic_contact_card.png Requested by Host: ltauactive.online URL: https://ltauactive.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7128b3163ef3d75f3f7f7e803b65a7bbfbf480c880c7a815c33ea82d549e630d` Request headers accept-language fi-FI,fi;q=0.9 Referer https://ltauactive.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 23 Dec 2022 17:50:56 GMT cf-cache-status MISS last-modified Mon, 24 Sep 2018 19:16:54 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "1f7-576a2d501d580" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BJrpSZHzapbyxUA6AcDmoR9f0bCFmpqzUWW5uiF1woHVK68Q3%2B8dBIpeEugTijIpgRaaIUiVaUWQDxO1avOPj1XO1Vsud9y6N6K0ptb2kfUDp6EUtMhsqxCcc3RulO7%2BvBauiA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 77e2f1431e55b34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 503
GET H2	200	ic_itokenapp.png ltauactive.online/assets/images/	2 KB 2 KB	450ms 448ms	Image image/png	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ltauactive.online/assets/images/ic_itokenapp.png Requested by Host: ltauactive.online URL: https://ltauactive.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `75851533db3fda044c3fe2bdfbb1dfdf808586387493fc5b3395ba8400391046` Request headers accept-language fi-FI,fi;q=0.9 Referer https://ltauactive.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 23 Dec 2022 17:50:56 GMT cf-cache-status MISS last-modified Tue, 10 Sep 2019 00:11:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "7ff-59227bfa20700" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZV%2BoKeXVTS1xamk2hswKFdu6WegKTFLO%2B3ghMcS8dBBU6vV8TlVXyLEtU5SyxmqXWykSWRx5HJ1uc7mfheWkqutpa24VFKkcVJr5I0QkWKLaFliA6XQGtkKE2fRqgMtcH6kTJw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 77e2f1431e57b34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 2047
GET H2	200	ic_ajuda.png ltauactive.online/assets/images/	1 KB 2 KB	443ms 442ms	Image image/png	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ltauactive.online/assets/images/ic_ajuda.png Requested by Host: ltauactive.online URL: https://ltauactive.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `915e3aea1eda6df53467eb792f487578c127d19740a1eb669d6dba7d2435edb4` Request headers accept-language fi-FI,fi;q=0.9 Referer https://ltauactive.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 23 Dec 2022 17:50:56 GMT cf-cache-status MISS last-modified Tue, 10 Sep 2019 00:11:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "55e-59227bfa20700" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JauNkccgUIXEQFw99UHAvJf3blOrJIsxWQkLEAHVOiMk7HCNGadMb1AgqVUBfYhHyjkmdBu90Dw7DYHc1KYtWpkaMqyrZ1xX%2BxzDi5fJIGG6NOHcc3OxFUKdWg83yHoHMUpvzQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 77e2f1431e59b34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1374
GET H2	200	logo.png ltauactive.online/assets/images/	8 KB 9 KB	440ms 439ms	Image image/png	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ltauactive.online/assets/images/logo.png Requested by Host: ltauactive.online URL: https://ltauactive.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `32093ba59daa14a1fc82ef0ae1387bbf7fff78a99dc31eab8047c80f474dc663` Request headers accept-language fi-FI,fi;q=0.9 Referer https://ltauactive.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 23 Dec 2022 17:50:56 GMT cf-cache-status MISS last-modified Sun, 14 Aug 2022 18:51:23 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "20eb-5e638006f8935" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=roQBFaKFZUkkgAzLGCKwurqV0%2BY5p0OF%2FHZUGRefDEBhoI%2BzUo7qVzjsKUjQueqBoji4ad6wYVHsiZ7qUe2F4up8DfVfyMfeRaVMBvwUE8FTp7bu5wwZg80ya0m4a%2F3E8q3DDQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 77e2f1431e5bb34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 8427
GET H2	200	home_bg.png ltauactive.online/assets/images/	175 KB 176 KB	484ms 483ms	Image image/png	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ltauactive.online/assets/images/home_bg.png Requested by Host: ltauactive.online URL: https://ltauactive.online/assets/css/style.home.css?xx1671817855 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d33cfca923e87510e2837231c77985de89f00f0ba8bf8b4e86bf7086f38514c6` Request headers accept-language fi-FI,fi;q=0.9 Referer https://ltauactive.online/assets/css/style.home.css?xx1671817855 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 23 Dec 2022 17:50:56 GMT cf-cache-status MISS last-modified Mon, 24 Sep 2018 19:16:54 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "2bd3e-576a2d501d580" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=00W0BOjSOW7%2FgYtFBZ8XZTzZGWi0Ox7xWzbVg8Jqg4QViUTEp6aPlLcJZkeRxmCVgZFxJv7yt4s4ZuCPraEyhzp3eS%2Fb%2FkmcgKHxvWzaHh0dQhpa5r4JjvsR4Dm1BiCMaubLtQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 77e2f1431e5eb34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 179518
GET H2	200	ic_cadeado.png ltauactive.online/assets/images/	783 B 1 KB	445ms 444ms	Image image/png	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ltauactive.online/assets/images/ic_cadeado.png Requested by Host: ltauactive.online URL: https://ltauactive.online/assets/css/style.home.css?xx1671817855 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3b28fd611f0f51576757693edb78d14b162007c819945963b8ea339a456f5404` Request headers accept-language fi-FI,fi;q=0.9 Referer https://ltauactive.online/assets/css/style.home.css?xx1671817855 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 23 Dec 2022 17:50:56 GMT cf-cache-status MISS last-modified Tue, 10 Sep 2019 00:11:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "30f-59227bfa20700" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8doBGVBHUyoQkap1VYKYTjfmBj7I8icNWiDrpRJ2sy2oiq7aZJAkfL15kwMb9fBBPs%2FzVcwOrkisu0lb4oCf1J%2BJNayvz%2BHzqHUOjqVm1r4r7pbZE0pHjKaqeVX4gSYccjDlXQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 77e2f1431e62b34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 783
POST H2	200	/ Show response ltauactive.online/api/	4 B 353 B	1121ms 1120ms	XHR text/html	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ltauactive.online/api/ Requested by Host: ltauactive.online URL: https://ltauactive.online/js/jquery-3.2.1.min.js?xx1671817855 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.1.10 Resource Hash `70a63889decd52e077c6a1b4f11f382d2c27a481cdff0f95ced293a4e572556f` Request headers Accept / Referer https://ltauactive.online/ X-Requested-With XMLHttpRequest accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Fri, 23 Dec 2022 17:50:59 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.1.10 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5l0x%2FZu5PQ7%2BveAu203ueGA9MnyGqSyzPETMKiFAVwtwzNvagy78NqnwU1LBfmN35TBI6wLJRkcxx6yuX9BBo6y%2B8fWhtUDXAxfBYiqiEcy7uVuFX6AdLu9Sw4BYwWHEjLN%2B6Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 77e2f155df79b34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H2	200	/ Show response ltauactive.online/api/	4 B 305 B	133ms 132ms	XHR text/html	104.21.6.187 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ltauactive.online/api/ Requested by Host: ltauactive.online URL: https://ltauactive.online/js/jquery-3.2.1.min.js?xx1671817855 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.6.187 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.1.10 Resource Hash `70a63889decd52e077c6a1b4f11f382d2c27a481cdff0f95ced293a4e572556f` Request headers Accept / Referer https://ltauactive.online/ X-Requested-With XMLHttpRequest accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Fri, 23 Dec 2022 17:51:00 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.1.10 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GHN3HOYLKTMcs3eb4TOdzJ%2BjvDsZuKphLx27xz6rrSQc0%2FDotaBFOZKcHfX3fL8WX3FQHkLvGBqJrdDWy1JKz0%2FWGkBP9ffnLZ5KCbY6TH%2FdHA5e%2FvEeC6ovJOwTio6C2FipMA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 77e2f15c2974b34d-PRG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Itau (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ltauactive.online
104.21.6.187
2c4cc601c8a65ef677273f932e1f52330de7b5fd8e7768ba8a2a754b7a96ac66
32093ba59daa14a1fc82ef0ae1387bbf7fff78a99dc31eab8047c80f474dc663
3b28fd611f0f51576757693edb78d14b162007c819945963b8ea339a456f5404
53f9e0db76a9435f27ddbae8ae87f909716ba52a1b60de9f92267f710d81dca8
592f54c70b204a4c902513aa35e407836658c856a332066b07a24f66327ac440
70a63889decd52e077c6a1b4f11f382d2c27a481cdff0f95ced293a4e572556f
7128b3163ef3d75f3f7f7e803b65a7bbfbf480c880c7a815c33ea82d549e630d
75851533db3fda044c3fe2bdfbb1dfdf808586387493fc5b3395ba8400391046
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
915e3aea1eda6df53467eb792f487578c127d19740a1eb669d6dba7d2435edb4
aeac882b2de83fff332c64878adb35665f471da6d41be31a0e313c470f720020
d216837f5436b12b3b17423dd06e646dc779792272f4e97de5d7d62a2457e60f
d33cfca923e87510e2837231c77985de89f00f0ba8bf8b4e86bf7086f38514c6
f830833b6661d5fb63e23d3d245e91edc7c52aa547ca19eca7c91c7570483975

ltauactive.online Open in urlscan Pro 104.21.6.187 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

333 kBTransfer

392 kBSize

0 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

Indicators

ltauactive.online Open in urlscan Pro
104.21.6.187 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

333 kB
Transfer

392 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!