prataconstrutora.com.br
Open in
urlscan Pro
66.70.176.57
Malicious Activity!
Public Scan
Submission: On November 06 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on September 22nd 2017. Valid for: 3 months.
This is the only time prataconstrutora.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Charles Schwab (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 66.70.176.57 66.70.176.57 | 16276 (OVH) (OVH) | |
10 | 95.101.248.209 95.101.248.209 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 | 95.101.241.53 95.101.241.53 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 | 95.101.246.247 95.101.246.247 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
4 | 95.100.188.189 95.100.188.189 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
2 | 52.17.226.250 52.17.226.250 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
2 | 63.140.43.7 63.140.43.7 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
1 1 | 66.117.28.86 66.117.28.86 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
24 | 8 |
ASN16276 (OVH, FR)
PTR: s02.jcnet.com.br
prataconstrutora.com.br |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-101-248-209.deploy.akamaitechnologies.com
client.schwab.com | |
www.schwab.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-101-241-53.deploy.akamaitechnologies.com
client.schwabcdn.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-101-246-247.deploy.akamaitechnologies.com
content.schwab.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-188-189.deploy.akamaitechnologies.com
lms.schwab.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-17-226-250.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: schwab.com.ssl.d1.sc.omtrdc.net
smetric.schwab.com |
ASN15224 (OMNITURE - Adobe Systems Inc., US)
cm.everesttech.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
schwab.com
client.schwab.com Failed www.schwab.com content.schwab.com lms.schwab.com smetric.schwab.com |
429 KB |
2 |
demdex.net
dpm.demdex.net schwab.demdex.net Failed |
640 B |
1 |
everesttech.net
1 redirects
cm.everesttech.net |
527 B |
1 |
schwabcdn.com
client.schwabcdn.com |
31 KB |
1 |
prataconstrutora.com.br
prataconstrutora.com.br |
213 B |
24 | 5 |
Domain | Requested by | |
---|---|---|
8 | client.schwab.com |
client.schwab.com
|
4 | lms.schwab.com |
client.schwab.com
lms.schwab.com |
2 | smetric.schwab.com |
www.schwab.com
|
2 | dpm.demdex.net |
www.schwab.com
client.schwab.com |
2 | www.schwab.com |
client.schwab.com
|
1 | cm.everesttech.net | 1 redirects |
1 | content.schwab.com |
client.schwab.com
|
1 | client.schwabcdn.com |
client.schwab.com
|
1 | prataconstrutora.com.br | |
0 | schwab.demdex.net Failed |
www.schwab.com
|
24 | 10 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.schwab.com |
lms.schwab.com |
sealinfo.verisign.com |
brokercheck.finra.org |
content.schwab.com |
www.facebook.com |
www.twitter.com |
www.youtube.com |
www.sipc.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
prataconstrutora.com.br Let's Encrypt Authority X3 |
2017-09-22 - 2017-12-21 |
3 months | crt.sh |
www.schwab.com Symantec Class 3 EV SSL CA - G3 |
2017-05-18 - 2018-06-04 |
a year | crt.sh |
*.schwabcdn.com Symantec Class 3 Secure Server CA - G4 |
2017-03-27 - 2018-03-30 |
a year | crt.sh |
content.schwab.com Symantec Class 3 EV SSL CA - G3 |
2017-08-16 - 2018-09-13 |
a year | crt.sh |
lms.schwab.com Symantec Class 3 EV SSL CA - G3 |
2017-10-17 - 2018-05-11 |
7 months | crt.sh |
*.demdex.net DigiCert SHA2 High Assurance Server CA |
2014-11-09 - 2018-01-24 |
3 years | crt.sh |
smetric.schwab.com Symantec Class 3 EV SSL CA - G3 |
2017-05-18 - 2018-06-11 |
a year | crt.sh |
This page contains 5 frames:
Frame:
https://client.schwab.com/Login/SignOn/CustomerCenterLogin.aspx?SANC=mie
Frame ID: 16721.1
Requests: 2 HTTP requests in this frame
Frame:
https://client.schwab.com/Login/SignOn/CustomerCenterLogin.aspx?SANC=mie
Frame ID: 16746.1
Requests: 16 HTTP requests in this frame
Frame:
https://lms.schwab.com/Login?ClientId=schwab-secondary&StartInSetId=1&enableAppD=false&RedirectUri=client.schwab.com/Login/Signon/AuthCodeHandler.ashx&SANC=mie
Frame ID: 16746.2
Requests: 4 HTTP requests in this frame
Frame:
https://schwab.demdex.net/dest5.html?d_nsid=undefined
Frame ID: 16746.3
Requests: 1 HTTP requests in this frame
Frame:
https://schwab.demdex.net/dest5.html?d_nsid=0
Frame ID: 16746.4
Requests: 1 HTTP requests in this frame
16 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Learn more
Search URL Search Domain Scan URL
Title: New User?
Search URL Search Domain Scan URL
Title: SchwabSafe
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: The Schwab SecurityGuarantee
Search URL Search Domain Scan URL
Title: Web Browser Information
Search URL Search Domain Scan URL
Title: FINRA’s BrokerCheck
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: SIPC
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 17- https://cm.everesttech.net/cm/dd?d_uuid=06714866936346223950638407415594081973 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=WgC_KAAACPxtntmU
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
hellion2.php
prataconstrutora.com.br/inc/schwab/ |
228 B 213 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
CustomerCenterLogin.aspx
client.schwab.com/Login/SignOn/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
CustomerCenterLogin.aspx
client.schwab.com/Login/SignOn/ Frame 1674 |
83 KB 31 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loginbase.js
client.schwab.com/scripts/merge/ Frame 1674 |
173 KB 57 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
basestyle.css
client.schwab.com/cssmerged/ Frame 1674 |
314 KB 76 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
WebResource.axd
client.schwab.com/ Frame 1674 |
23 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sch-logo.png
client.schwabcdn.com/images/ Frame 1674 |
31 KB 31 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sch-logo.png
client.schwab.com/images/ Frame 1674 |
31 KB 31 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-banner_10-16-17.png
www.schwab.com/secure/file/P-10712105/ Frame 1674 |
39 KB 39 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-banner_10-16-17.png
client.schwab.com/secure/file/P-10712105/ Frame 1674 |
39 KB 39 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
short
client.schwab.com/system/asset/ Frame 1674 |
2 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
GlanceCobrowseLoader_3.2.2M.js
content.schwab.com/glance/ Frame 1674 |
6 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Login
lms.schwab.com/ Frame 1674 |
30 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Schwab-Icon-Font-v0-4.woff
client.schwab.com/font/ Frame 1674 |
36 KB 36 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.js
www.schwab.com/public/file/TEALIUM-UTAG-CC/ Frame 1674 |
204 KB 87 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
id
dpm.demdex.net/ Frame 1674 |
1 KB 598 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
dest5.html
schwab.demdex.net/ Frame 1674 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
smetric.schwab.com/ Frame 1674 |
49 B 49 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
ibs:dpid=411&dpuuid=WgC_KAAACPxtntmU
dpm.demdex.net/ Frame 1674 Redirect Chain
|
42 B 42 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-component-responsive-secondary
lms.schwab.com/bundles/styles/lib/ Frame 1674 |
51 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
40d36bbb
lms.schwab.com/akam/10/ Frame 1674 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s4168079463506
smetric.schwab.com/b/ss/cschwabschwabprod/10/JS-2.1.0/ Frame 1674 |
1 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
40d36bbb
lms.schwab.com/akam/10/ Frame 1674 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
dest5.html
schwab.demdex.net/ Frame 1674 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- client.schwab.com
- URL
- https://client.schwab.com/Login/SignOn/CustomerCenterLogin.aspx?SANC=mie
- Domain
- schwab.demdex.net
- URL
- https://schwab.demdex.net/dest5.html?d_nsid=undefined
- Domain
- schwab.demdex.net
- URL
- https://schwab.demdex.net/dest5.html?d_nsid=0
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Charles Schwab (Financial)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
19 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.demdex.net/ | Name: demdex Value: 06714866936346223950638407415594081973 |
|
.schwab.com/ | Name: lms-lang Value: en-US |
|
.schwab.com/ | Name: ak_bmsc Value: AE29C3A504759625AEF4B98211FD48FC174A1837CD56000028BE005A03A4F505~pl3A35ccMBjMlHX8uyPwIhiZmDu9Pdjb8dCnevOWOi1sWJCt+pT2Hs9RU23Ofp8JMWR5Rv/utkDdA2ZGNsKAXPiZtUT6SA4939XlOROoB/ew6XQrqIFxXP2E0i3hhowFtyQ2xMs0W1UTuCLhWPM72br4/3NOJmkUuadxJCnxDTDOhtfncCsey5EnZiWEnBHXvfPVvH3teNWNVz00dkHCsfjaFVNoNPFOBVyGhOgWREuXw= |
|
.schwab.com/ | Name: s_pers Value: %20s_vnum%3D1941998120158%2526vn%253D1%7C1941998120158%3B%20s_invisit%3Dtrue%7C1509999920158%3B%20s_prevCh%3D%252Fclient_center%7C1509999920162%3B%20s_depth%3D1%7C1509999920163%3B%20s_gpv_pn%3D%252Fclient_center%252FLogin%252FSignOn%252FCustomer%2520Center%2520Login%7C1509999920164%3B |
|
.schwab.com/ | Name: lms-query-cookie Value: ClientId=schwab-secondary&StartInSetId=1&enableAppD=false&RedirectUri=client.schwab.com%2fLogin%2fSignon%2fAuthCodeHandler.ashx&SANC=mie |
|
.schwab.com/ | Name: AMCVS_5DB5123F5245B1D20A490D45%40AdobeOrg Value: 1 |
|
.schwab.com/ | Name: sstate Value: ||client.schwab.com|||||F755AAC994D0CA27D42798442F446348EF40FB773F136FABB4C4D805C2EFEF40C3BA9E6E827E26B661FFD0B0EBD2DCECE0EC6E78B70499562C319B11E98A8C34FF6CEFBC3EACA4DBFD47069F78EA98D4C8D90F87045ED48CCC11725D1073AFB29E97B5EEABDD4710EBE39BB2122647DAAC1E7E684190B87B814D2634C70C0EC354A8EC4A7F30A83B51F3BA7ACC22AD47FCA22650|||||||| |
|
.schwab.com/ | Name: utag_main Value: v_id:015f92e6cbb4000dac05920ae06600079004807100b08$_sn:1$_ss:1$_st:1509999919861$ses_id:1509998119861%3Bexp-session$_pn:1%3Bexp-session |
|
.client.schwab.com/ | Name: aam_uuid Value: 06714866936346223950638407415594081973 |
|
.schwab.com/ | Name: AMCV_5DB5123F5245B1D20A490D45%40AdobeOrg Value: -894706358%7CMCMID%7C01458534311806384440255475178170000866%7CMCAAMLH-1510602920%7C6%7CMCAAMB-1510602920%7C6eRfoxAm2cq2SAAxL21oK-e7HbJvNbZb-y0aB7C3stk9V50%7CMCOPTOUT-1510005320s%7CNONE%7CMCSYNCSOP%7C411-17484%7CMCAID%7CNONE%7CvVersion%7C2.3.0 |
|
.schwab.com/ | Name: NP2 Value: |w5413fnkzojegu3bs4iflve2|||N|||||||||| |
|
client.schwab.com/ | Name: BIGipServerclient-origin-rr-cdc-443-pool Value: 989883146.47873.0000 |
|
.demdex.net/ | Name: dextp Value: 60-1-1509998120182|477-1-1509998120182|771-1-1509998120183|782-1-1509998120183|903-1-1509998120183|575-1-1509998120184 |
|
.schwab.com/ | Name: s_sess Value: %20s_linkTracking%3D%3B%20s_cc%3Dtrue%3B |
|
.schwab.com/ | Name: lang Value: en-US |
|
client.schwab.com/ | Name: BIGipServerclient-origin-pod3-bdc-443-pool Value: 956328714.47873.0000 |
|
.schwab.com/ | Name: NS2 Value: ||IyTBnAprADsKBQoJCAYCAA||N|||||||||N|||||||||||||||||N|||||||| |
|
.schwab.com/ | Name: ASP.NET_SessionId Value: xnhwtyxm1uo1mutik1bi0tx2 |
|
.schwab.com/ | Name: pod Value: 3 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
client.schwab.com
client.schwabcdn.com
cm.everesttech.net
content.schwab.com
dpm.demdex.net
lms.schwab.com
prataconstrutora.com.br
schwab.demdex.net
smetric.schwab.com
www.schwab.com
client.schwab.com
schwab.demdex.net
52.17.226.250
63.140.43.7
66.117.28.86
66.70.176.57
95.100.188.189
95.101.241.53
95.101.246.247
95.101.248.209
03f25eb07495770f9207af4e2a709dac0b24de34ea66eedfa2b629601d9ac484
242617de38b440375649b3aa3f70fc99e5a697591cb50fb1761b4a7a60d32ab1
276bb8a7a3b8efce0a684891097d8c2ed63df824e4ffa5e93fb6ca4d743aab35
2a553fb6885b9e663f87f931a511fc1eedbde1448a18e19d4ba998ff156793b1
340c8144527d33b72feafe06c90fd99ca176e7b6a49ea0b50d35c4e20f3da1f8
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
535e9eaaba64efce9969445ca7604dc29d02a6b6529c785340acfcbd19bc5cc4
5faa1d6ae0dc012fc5786aff8198fbb2d641c4c64b34a121817fb7dbc3f652a0
65c546996638911d0bd2a36945c3a475b84fed0c898a6365fbd822049d86cb62
69956546b189eee14c0fb675f03ec33fc504fc2c274dc196e858edd5d1f12273
878ddc24790cd891d9cc65c7d4c21e9285dd0fbf77d42d624bcc5cad3c5014f2
ade32e90ed482fd278a6007576eab29d7f28c711765dfa8418de66e1f222a4a7
bc9c4b73c7050050ca5b21889e22cc317fe7b7b9495a3736a08c4fdc208356b5
c8fcb4a90e4c309ad8087c7ea69ebcd079435f8c907e5d1149d42deb9eb8201a
ce18412ac1c6650c3ec74f0b04e93765c09d932c363cb934630854155db80403
ec440c97f02f49fc2ca942e8675d8737eb3f29761101dae0986010dc6f026cd8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629