cloud.sfmc.itau-unibanco.com.br

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 13.111.70.13, located in United States and belongs to EXACT-7, US. The main domain is cloud.sfmc.itau-unibanco.com.br. The Cisco Umbrella rank of the primary domain is 682693.

This is the only time cloud.sfmc.itau-unibanco.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Hipercard (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	128.245.96.204 128.245.96.204	14340 (SALESFORCE) (SALESFORCE)
3	13.111.70.13 13.111.70.13	22606 (EXACT-7) (EXACT-7)
1	2a02:26f0:10e... 2a02:26f0:10e::6860:5b51	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2

1 128.245.96.204 (United States) 1 redirects

ASN14340 (SALESFORCE, US)
PTR: click.sfmc.itau.com.br

click.sfmc.itau.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.111.70.13 (United States)

ASN22606 (EXACT-7, US)
PTR: pub.s11.exacttarget.com

cloud.sfmc.itau-unibanco.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10e::6860:5b51 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

image.s11.sfmc-content.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	itau-unibanco.com.br cloud.sfmc.itau-unibanco.com.br — Cisco Umbrella Rank: 682693	4 KB
1	sfmc-content.com image.s11.sfmc-content.com — Cisco Umbrella Rank: 50053	197 KB
1	itau.com.br 1 redirects click.sfmc.itau.com.br — Cisco Umbrella Rank: 320611	546 B
4	3

	Domain	Requested by
3	cloud.sfmc.itau-unibanco.com.br	cloud.sfmc.itau-unibanco.com.br
1	image.s11.sfmc-content.com	cloud.sfmc.itau-unibanco.com.br
1	click.sfmc.itau.com.br	1 redirects
4	3

This site contains no links.

Subject Issuer	Validity	Valid
*.image.s11.sfmc-content.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-06` - `2022-10-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008e16e2b9cf58e470e1bc85c730078c776542fd248786de65329670be7bddf56f9c86fac33e9e023ee3f54acdda51914a7f7e9df212a48073e88c8dcb2449d78e634e17349468a88b9d0c7348d6e61a7a14d122c1df81e6c5c79ba2bf1a21cd9e91fd77fa53e90ab4cfcc49c69ca29bf3105d2dc5037c5
Frame ID: 515608A62E3B842B421A3451F968A96D
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hipercard

Page URL History Show full URLs

https://click.sfmc.itau.com.br/?qs=c18236d6b380f62eb4c3557ac8ada01ef48174550cdfed9ff41ef195497c6fffeb3ca973... HTTP 302
http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87... Page URL

Page Statistics

4
Requests

25 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

201 kB
Transfer

208 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.sfmc.itau.com.br/?qs=c18236d6b380f62eb4c3557ac8ada01ef48174550cdfed9ff41ef195497c6fffeb3ca973e722f074bb5506127cf92dc807c16392b89a21aa6d97bdbebd75a5ef HTTP 302
http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008e16e2b9cf58e470e1bc85c730078c776542fd248786de65329670be7bddf56f9c86fac33e9e023ee3f54acdda51914a7f7e9df212a48073e88c8dcb2449d78e634e17349468a88b9d0c7348d6e61a7a14d122c1df81e6c5c79ba2bf1a21cd9e91fd77fa53e90ab4cfcc49c69ca29bf3105d2dc5037c5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request descadastro_hipercard_v2 Show response cloud.sfmc.itau-unibanco.com.br/ Redirect Chain https://click.sfmc.itau.com.br/?qs=c18236d6b380f62eb4c3557ac8ada01ef48174550cdfed9ff41ef195497c6fffeb3ca973e722f074bb5506127cf92dc807c16392b89a21aa6d97bdbebd75a5ef http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008e16e2b9cf58e470e1bc85c730078c776542fd248786de65329670be7bddf56...	5 KB 2 KB	447ms 183ms	Document text/html	13.111.70.13 EXACT-7
General Check archive.org Show headers Download Go to Full URL http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008e16e2b9cf58e470e1bc85c730078c776542fd248786de65329670be7bddf56f9c86fac33e9e023ee3f54acdda51914a7f7e9df212a48073e88c8dcb2449d78e634e17349468a88b9d0c7348d6e61a7a14d122c1df81e6c5c79ba2bf1a21cd9e91fd77fa53e90ab4cfcc49c69ca29bf3105d2dc5037c5 Protocol HTTP/1.1 Server 13.111.70.13 , United States, ASN22606 (EXACT-7, US), Reverse DNS pub.s11.exacttarget.com Software / Resource Hash `4c7f62d5103d4299a89adf92831ace22c06a5829cc6da3984e53893bac9de512` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-cache Connection close Content-Encoding gzip Content-Length 1619 Content-Type text/html; charset=utf-8 Date Mon, 15 Aug 2022 18:13:28 GMT Expires -1 Pragma no-cache Redirect headers Cache-Control private Connection close Content-Length 488 Content-Type text/html; charset=utf-8 Date Mon, 15 Aug 2022 18:13:28 GMT Location http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008e16e2b9cf58e470e1bc85c730078c776542fd248786de65329670be7bddf56f9c86fac33e9e023ee3f54acdda51914a7f7e9df212a48073e88c8dcb2449d78e634e17349468a88b9d0c7348d6e61a7a14d122c1df81e6c5c79ba2bf1a21cd9e91fd77fa53e90ab4cfcc49c69ca29bf3105d2dc5037c5
GET H/1.1	200 OK	css_centro_de_preferencias_hiper cloud.sfmc.itau-unibanco.com.br/	6 KB 2 KB	165ms 164ms	Stylesheet text/css	13.111.70.13 EXACT-7
General Check archive.org Show headers Download Go to Full URL http://cloud.sfmc.itau-unibanco.com.br/css_centro_de_preferencias_hiper Requested by Host: cloud.sfmc.itau-unibanco.com.br URL: http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008e16e2b9cf58e470e1bc85c730078c776542fd248786de65329670be7bddf56f9c86fac33e9e023ee3f54acdda51914a7f7e9df212a48073e88c8dcb2449d78e634e17349468a88b9d0c7348d6e61a7a14d122c1df81e6c5c79ba2bf1a21cd9e91fd77fa53e90ab4cfcc49c69ca29bf3105d2dc5037c5 Protocol HTTP/1.1 Server 13.111.70.13 , United States, ASN22606 (EXACT-7, US), Reverse DNS pub.s11.exacttarget.com Software / Resource Hash `3393872e850a09de60a1298e3322aea0e9e57d9d630f39314b5fcec303062885` Request headers accept-language de-DE,de;q=0.9 Referer http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008e16e2b9cf58e470e1bc85c730078c776542fd248786de65329670be7bddf56f9c86fac33e9e023ee3f54acdda51914a7f7e9df212a48073e88c8dcb2449d78e634e17349468a88b9d0c7348d6e61a7a14d122c1df81e6c5c79ba2bf1a21cd9e91fd77fa53e90ab4cfcc49c69ca29bf3105d2dc5037c5 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Pragma no-cache Date Mon, 15 Aug 2022 18:13:28 GMT Content-Encoding gzip Content-Type text/css; charset=utf-8 Cache-Control no-cache Connection close Content-Length 2058 Expires -1
GET H/1.1	200 OK	2dac11b7-40c6-40f7-9d7e-a496613f8360.png image.s11.sfmc-content.com/lib/fe2f117171640578711375/m/1/	197 KB 197 KB	609ms 213ms	Image image/png	2a02:26f0:10e::6860:5b51 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://image.s11.sfmc-content.com/lib/fe2f117171640578711375/m/1/2dac11b7-40c6-40f7-9d7e-a496613f8360.png Requested by Host: cloud.sfmc.itau-unibanco.com.br URL: http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008e16e2b9cf58e470e1bc85c730078c776542fd248786de65329670be7bddf56f9c86fac33e9e023ee3f54acdda51914a7f7e9df212a48073e88c8dcb2449d78e634e17349468a88b9d0c7348d6e61a7a14d122c1df81e6c5c79ba2bf1a21cd9e91fd77fa53e90ab4cfcc49c69ca29bf3105d2dc5037c5 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:10e::6860:5b51 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash `2a7f30739078b5aa52a165a79901c9fe2544f9070912ac7b023d00c863ea5958` Request headers accept-language de-DE,de;q=0.9 Referer http://cloud.sfmc.itau-unibanco.com.br/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Mon, 15 Aug 2022 18:13:29 GMT Last-Modified Mon, 10 May 2021 14:47:06 GMT Server AkamaiNetStorage ETag "b4dce3d97a330a210871506bd659fe7a:1620658026.842956" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 201629
GET H/1.1	410 Gone	_t cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2/	35 B 35 B	258ms 130ms	Image text/html	13.111.70.13 EXACT-7
General Check archive.org Show headers Download Go to Show image Full URL http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2/_t?eventType=CLOUDPAGESVISIT Requested by Host: cloud.sfmc.itau-unibanco.com.br URL: http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008e16e2b9cf58e470e1bc85c730078c776542fd248786de65329670be7bddf56f9c86fac33e9e023ee3f54acdda51914a7f7e9df212a48073e88c8dcb2449d78e634e17349468a88b9d0c7348d6e61a7a14d122c1df81e6c5c79ba2bf1a21cd9e91fd77fa53e90ab4cfcc49c69ca29bf3105d2dc5037c5 Protocol HTTP/1.1 Server 13.111.70.13 , United States, ASN22606 (EXACT-7, US), Reverse DNS pub.s11.exacttarget.com Software / Resource Hash `7a3829ab689107132e51a31a407eca7a4ecb7050d6b9ee83137b6b142c931a73` Request headers accept-language de-DE,de;q=0.9 Referer http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2?qs=210545ca602d165a64c3fbc6a755f449b8652a14ad8caa87e59a7447c1038540a008e16e2b9cf58e470e1bc85c730078c776542fd248786de65329670be7bddf56f9c86fac33e9e023ee3f54acdda51914a7f7e9df212a48073e88c8dcb2449d78e634e17349468a88b9d0c7348d6e61a7a14d122c1df81e6c5c79ba2bf1a21cd9e91fd77fa53e90ab4cfcc49c69ca29bf3105d2dc5037c5 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Mon, 15 Aug 2022 18:13:28 GMT Cache-Control private Connection close Content-Length 35 Content-Type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Hipercard (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://cloud.sfmc.itau-unibanco.com.br/descadastro_hipercard_v2/_t?eventType=CLOUDPAGESVISIT Message: Failed to load resource: the server responded with a status of 410 (Gone)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

click.sfmc.itau.com.br
cloud.sfmc.itau-unibanco.com.br
image.s11.sfmc-content.com
128.245.96.204
13.111.70.13
2a02:26f0:10e::6860:5b51
2a7f30739078b5aa52a165a79901c9fe2544f9070912ac7b023d00c863ea5958
3393872e850a09de60a1298e3322aea0e9e57d9d630f39314b5fcec303062885
4c7f62d5103d4299a89adf92831ace22c06a5829cc6da3984e53893bac9de512
7a3829ab689107132e51a31a407eca7a4ecb7050d6b9ee83137b6b142c931a73

cloud.sfmc.itau-unibanco.com.br Open in urlscan Pro 13.111.70.13 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

25 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

201 kBTransfer

208 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

cloud.sfmc.itau-unibanco.com.br Open in urlscan Pro
13.111.70.13 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

25 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

201 kB
Transfer

208 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!