itau-internetbkn.wpdevcloud.com
2607:1b00:93b2:e42c::b6bc
Malicious Activity!
Public Scan
Submission: On April 02 via automatic, source openphish
Summary
TLS certificate: Issued by RapidSSL RSA CA 2018 on October 3rd 2019. Valid for: 2 years.
This is the only time itau-internetbkn.wpdevcloud.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Itau (Banking)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 13 | 2607:1b00:93b2:e42c::b6bc | 54456 (CLOUDACCESS-NETWORK) |
| 13 | 1 | |
ASN54456 (CLOUDACCESS-NETWORK, US)
itau-internetbkn.wpdevcloud.com
| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 13 | wpdevcloud.com (subdomain: itau-internetbkn.wpdevcloud.com) | 93 KB |
| 13 | 1 | |
| | Domain | Requested by |
|---|---|---|
| 13 | itau-internetbkn.wpdevcloud.com | itau-internetbkn.wpdevcloud.com |
| 13 | 1 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| *.wpdevcloud.com | RapidSSL RSA CA 2018 | 2019-10-03 - 2021-10-02 | 2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/index.php?app=https://www.itau.com.br/acesso/seguranca/sincronismo
Frame ID: 76800C93B61995357B36CFBCAEC4612E
Requests: 13 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
| Method / Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|
| GET H/1.1 | index.php (Primary Request) | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/ | 4 KB | 2 KB | Document | text/html |
| GET H/1.1 | desktop.inicial.css | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/files/ | 3 KB | 929 B | Stylesheet | text/css |
| GET H/1.1 | jquery.js | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/files/ | 85 KB | 30 KB | Script | text/javascript |
| GET H/1.1 | desktop_tipo_inicial.png | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/files/images/ | 2 KB | 3 KB | Image | image/png |
| GET H/1.1 | desktop_logo.png | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/files/images/ | 6 KB | 7 KB | Image | image/png |
| GET H/1.1 | desktop_menu.png | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/files/images/ | 2 KB | 2 KB | Image | image/png |
| GET H/1.1 | desktop_busca.png | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/files/images/ | 1 KB | 1 KB | Image | image/png |
| GET H/1.1 | desktop_barra.png | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/files/images/ | 125 B | 359 B | Image | image/png |
| GET H/1.1 | desktop_opcoes_acesso.png | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/files/images/ | 2 KB | 2 KB | Image | image/png |
| GET H/1.1 | desktop_background_textareas.png | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/files/images/ | 388 B | 622 B | Image | image/png |
| GET H/1.1 | desktop_banner_inicial.jpg | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/files/images/ | 44 KB | 44 KB | Image | image/jpeg |
| GET H/1.1 | desktop_background_top_inicial.png | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/files/images/ | 124 B | 358 B | Image | image/png |
| GET H/1.1 | desktop_background_buttom_inicial.png | itau-internetbkn.wpdevcloud.com/wp-includes/ID3/1A/desktop/files/images/ | 339 B | 573 B | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Itau (Banking)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- function| $
- function| jQuery
- function| NextImputText
- function| ExecFormatMaskInputs
- function| ExecValidatesDesktop
- function| BlockOthers
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
itau-internetbkn.wpdevcloud.com
2607:1b00:93b2:e42c::b6bc