![](/screenshots/94d00479-05a0-4515-95ec-ade0b0b2bf53.png)
ltauactive.online
Open in
urlscan Pro
104.21.6.187
Malicious Activity!
Public Scan
Submission Tags: tweet @coolcarlos17 #phishing #scam #golpe #itau Search All
Submission: On December 23 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by E1 on December 23rd 2022. Valid for: 3 months.
This is the only time ltauactive.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Itau (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
15 | 104.21.6.187 104.21.6.187 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
15 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
ltauactive.online
ltauactive.online |
333 KB |
15 | 1 |
Domain | Requested by | |
---|---|---|
15 | ltauactive.online |
ltauactive.online
|
15 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.ltauactive.online E1 |
2022-12-23 - 2023-03-23 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ltauactive.online/
Frame ID: F3DE5A63EB30E7767FE52123D23EA37E
Requests: 15 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
ltauactive.online/ |
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.home.css
ltauactive.online/assets/css/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
ltauactive.online/js/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.min.js
ltauactive.online/js/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
the.home.js
ltauactive.online/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-login.png
ltauactive.online/assets/images/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
buttongiro.gif
ltauactive.online/assets/images/ |
91 KB 91 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ic_contact_card.png
ltauactive.online/assets/images/ |
503 B 879 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ic_itokenapp.png
ltauactive.online/assets/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ic_ajuda.png
ltauactive.online/assets/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
ltauactive.online/assets/images/ |
8 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
home_bg.png
ltauactive.online/assets/images/ |
175 KB 176 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ic_cadeado.png
ltauactive.online/assets/images/ |
783 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
ltauactive.online/api/ |
4 B 353 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
ltauactive.online/api/ |
4 B 305 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Itau (Banking)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery function| modalInitialClose function| changeThemeColor function| passballs function| validatebt function| validateCard function| validateCardx function| reset0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ltauactive.online
104.21.6.187
2c4cc601c8a65ef677273f932e1f52330de7b5fd8e7768ba8a2a754b7a96ac66
32093ba59daa14a1fc82ef0ae1387bbf7fff78a99dc31eab8047c80f474dc663
3b28fd611f0f51576757693edb78d14b162007c819945963b8ea339a456f5404
53f9e0db76a9435f27ddbae8ae87f909716ba52a1b60de9f92267f710d81dca8
592f54c70b204a4c902513aa35e407836658c856a332066b07a24f66327ac440
70a63889decd52e077c6a1b4f11f382d2c27a481cdff0f95ced293a4e572556f
7128b3163ef3d75f3f7f7e803b65a7bbfbf480c880c7a815c33ea82d549e630d
75851533db3fda044c3fe2bdfbb1dfdf808586387493fc5b3395ba8400391046
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
915e3aea1eda6df53467eb792f487578c127d19740a1eb669d6dba7d2435edb4
aeac882b2de83fff332c64878adb35665f471da6d41be31a0e313c470f720020
d216837f5436b12b3b17423dd06e646dc779792272f4e97de5d7d62a2457e60f
d33cfca923e87510e2837231c77985de89f00f0ba8bf8b4e86bf7086f38514c6
f830833b6661d5fb63e23d3d245e91edc7c52aa547ca19eca7c91c7570483975