![](/screenshots/a686713c-e25a-4fb6-a352-d9be03a2ab7c.png)
cloud.sfmc.itau-unibanco.com.br
Open in
urlscan Pro
13.111.70.13
Malicious Activity!
Public Scan
Effective URL: http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008...
Submission: On August 15 via api from BE — Scanned from DE
Summary
This is the only time cloud.sfmc.itau-unibanco.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Hipercard (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 128.245.96.204 128.245.96.204 | 14340 (SALESFORCE) (SALESFORCE) | |
3 | 13.111.70.13 13.111.70.13 | 22606 (EXACT-7) (EXACT-7) | |
1 | 2a02:26f0:10e... 2a02:26f0:10e::6860:5b51 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
4 | 2 |
ASN14340 (SALESFORCE, US)
PTR: click.sfmc.itau.com.br
click.sfmc.itau.com.br |
ASN22606 (EXACT-7, US)
PTR: pub.s11.exacttarget.com
cloud.sfmc.itau-unibanco.com.br |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
itau-unibanco.com.br
cloud.sfmc.itau-unibanco.com.br — Cisco Umbrella Rank: 682693 |
4 KB |
1 |
sfmc-content.com
image.s11.sfmc-content.com — Cisco Umbrella Rank: 50053 |
197 KB |
1 |
itau.com.br
1 redirects
click.sfmc.itau.com.br — Cisco Umbrella Rank: 320611 |
546 B |
4 | 3 |
Domain | Requested by | |
---|---|---|
3 | cloud.sfmc.itau-unibanco.com.br |
cloud.sfmc.itau-unibanco.com.br
|
1 | image.s11.sfmc-content.com |
cloud.sfmc.itau-unibanco.com.br
|
1 | click.sfmc.itau.com.br | 1 redirects |
4 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.image.s11.sfmc-content.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-10-06 - 2022-10-06 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008e16e2b9cf58e470e1bc85c730078c776542fd248786de65329670be7bddf56f9c86fac33e9e023ee3f54acdda51914a7f7e9df212a48073e88c8dcb2449d78e634e17349468a88b9d0c7348d6e61a7a14d122c1df81e6c5c79ba2bf1a21cd9e91fd77fa53e90ab4cfcc49c69ca29bf3105d2dc5037c5
Frame ID: 515608A62E3B842B421A3451F968A96D
Requests: 4 HTTP requests in this frame
Screenshot
![](/screenshots/a686713c-e25a-4fb6-a352-d9be03a2ab7c.png)
Page Title
HipercardPage URL History Show full URLs
-
https://click.sfmc.itau.com.br/?qs=c18236d6b380f62eb4c3557ac8ada01ef48174550cdfed9ff41ef195497c6fffeb3ca973...
HTTP 302
http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://click.sfmc.itau.com.br/?qs=c18236d6b380f62eb4c3557ac8ada01ef48174550cdfed9ff41ef195497c6fffeb3ca973e722f074bb5506127cf92dc807c16392b89a21aa6d97bdbebd75a5ef
HTTP 302
http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008e16e2b9cf58e470e1bc85c730078c776542fd248786de65329670be7bddf56f9c86fac33e9e023ee3f54acdda51914a7f7e9df212a48073e88c8dcb2449d78e634e17349468a88b9d0c7348d6e61a7a14d122c1df81e6c5c79ba2bf1a21cd9e91fd77fa53e90ab4cfcc49c69ca29bf3105d2dc5037c5 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
descadastro_hipercard_v2
cloud.sfmc.itau-unibanco.com.br/ Redirect Chain
|
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css_centro_de_preferencias_hiper
cloud.sfmc.itau-unibanco.com.br/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2dac11b7-40c6-40f7-9d7e-a496613f8360.png
image.s11.sfmc-content.com/lib/fe2f117171640578711375/m/1/ |
197 KB 197 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_t
cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2/ |
35 B 35 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Hipercard (Banking)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
click.sfmc.itau.com.br
cloud.sfmc.itau-unibanco.com.br
image.s11.sfmc-content.com
128.245.96.204
13.111.70.13
2a02:26f0:10e::6860:5b51
2a7f30739078b5aa52a165a79901c9fe2544f9070912ac7b023d00c863ea5958
3393872e850a09de60a1298e3322aea0e9e57d9d630f39314b5fcec303062885
4c7f62d5103d4299a89adf92831ace22c06a5829cc6da3984e53893bac9de512
7a3829ab689107132e51a31a407eca7a4ecb7050d6b9ee83137b6b142c931a73