www.itafeitoparavoce.gq Open in urlscan Pro
35.231.109.134 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.itafeitoparavoce.gq/un/mobi_IIII.php
Submission: On March 15 via automatic, source openphish (March 15th 2018, 5:35:26 pm UTC)

Summary HTTP 11 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 11 HTTP transactions. The main IP is 35.231.109.134, located in Ann Arbor, United States and belongs to GOOGLE - Google LLC, US. The main domain is www.itafeitoparavoce.gq.

This is the only time www.itafeitoparavoce.gq was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Itau (Banking)

Domain & IP information

	IP Address		AS Autonomous System
5	35.231.109.134 35.231.109.134		15169 (GOOGLE) (GOOGLE - Google LLC)
1	94.31.29.54 94.31.29.54		54104 (AS-STACKPATH) (AS-STACKPATH - netDNA)
1	94.31.29.16 94.31.29.16		54104 (AS-STACKPATH) (AS-STACKPATH - netDNA)
2	172.217.16.170 172.217.16.170		15169 (GOOGLE) (GOOGLE - Google LLC)
2	172.217.22.67 172.217.22.67		15169 (GOOGLE) (GOOGLE - Google LLC)
11	5

5 35.231.109.134 (Ann Arbor, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 134.109.231.35.bc.googleusercontent.com

www.itafeitoparavoce.gq	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.31.29.54 (United Kingdom)

ASN54104 (AS-STACKPATH - netDNA, US)
PTR: 94.31.29.54.IPYX-077437-ZYO.above.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.31.29.16 (United Kingdom)

ASN54104 (AS-STACKPATH - netDNA, US)
PTR: 94.31.29.16.IPYX-077437-ZYO.above.net

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.170 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s11-in-f170.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.22.67 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s17-in-f67.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	itafeitoparavoce.gq www.itafeitoparavoce.gq	50 KB
2	gstatic.com fonts.gstatic.com	21 KB
2	googleapis.com fonts.googleapis.com	1 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	11 KB
1	jquery.com code.jquery.com	38 KB
11	5

	Domain	Requested by
5	www.itafeitoparavoce.gq	www.itafeitoparavoce.gq code.jquery.com
2	fonts.gstatic.com	code.jquery.com
2	fonts.googleapis.com	www.itafeitoparavoce.gq
1	maxcdn.bootstrapcdn.com	www.itafeitoparavoce.gq
1	code.jquery.com	www.itafeitoparavoce.gq
11	5

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
Frame ID: 27897958C0F9704A529ED27BFF4683E3
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

122 kB
Transfer

303 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request mobi_IIII.php Show response
www.itafeitoparavoce.gq/un/ 11 KB
3 KB 113ms
113ms Document
text/html 35.231.109.134
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
Protocol: HTTP/1.1
Server: 35.231.109.134 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 134.109.231.35.bc.googleusercontent.com
Software: Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.23
Resource Hash: 3c6adaa269b561c622f0c19681bddaba3d1d151bffaa2790b3394b0ca8b70edd

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.itafeitoparavoce.gq
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 15 Mar 2018 17:35:15 GMT
Content-Encoding: gzip
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.23
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 3191

GET
H/1.1 200
OK desco.css
www.itafeitoparavoce.gq/un/css/ 111 KB
19 KB 118ms
116ms Stylesheet
text/css 35.231.109.134
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itafeitoparavoce.gq/un/css/desco.css
Requested by: Host: www.itafeitoparavoce.gq
URL: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
Protocol: HTTP/1.1
Server: 35.231.109.134 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 134.109.231.35.bc.googleusercontent.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: c9cb17133e48ab718b3337d75ced921592134fccd75a30f0924bd57bd2d3df13

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.itafeitoparavoce.gq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 15 Mar 2018 17:35:15 GMT
Content-Encoding: gzip
Last-Modified: Sun, 19 Mar 2017 22:47:34 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "1bd5b-54b1d32532d80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 18725

GET
H/1.1 200
OK jquery-1.11.1.min.js Show response
code.jquery.com/ 94 KB
38 KB 16ms
8ms Script
application/javascript 94.31.29.54
netDNA

General

Check archive.org

Show headers Download Go to

Full URL: http://code.jquery.com/jquery-1.11.1.min.js
Requested by: Host: www.itafeitoparavoce.gq
URL: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
Protocol: HTTP/1.1
Server: 94.31.29.54 , United Kingdom, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS: 94.31.29.54.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 15 Mar 2018 17:35:15 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Oct 2014 00:16:07 GMT
Server: NetDNA-cache/2.2
ETag: W/"54499a47-1762a"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.3.0/js/ 34 KB
11 KB 13ms
6ms Script
application/javascript 94.31.29.16
netDNA

General

Check archive.org

Show headers Download Go to

Full URL: http://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/js/bootstrap.min.js
Requested by: Host: www.itafeitoparavoce.gq
URL: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
Protocol: HTTP/1.1
Server: 94.31.29.16 , United Kingdom, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS: 94.31.29.16.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 484081bfe6c76d77610eb71a6e71206fe5304d62c037f058b403592192069306

Request headers

Referer: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 15 Mar 2018 17:35:15 GMT
Content-Encoding: gzip
Last-Modified: Tue, 20 Feb 2018 05:58:02 GMT
Server: NetDNA-cache/2.2
Connection: keep-alive
ETag: W/"281cd50dd9f58c5550620fc148a7bc39"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=31104000
Transfer-Encoding: chunked
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
Expires: Sun, 10 Mar 2019 17:35:15 GMT

GET
S 200 icon
fonts.googleapis.com/ 574 B
421 B 19ms
17ms Stylesheet
text/css 172.217.16.170
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: www.itafeitoparavoce.gq
URL: http://www.itafeitoparavoce.gq/un/mobi_IIII.php

Protocol

SPDY

Server

172.217.16.170 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f170.1e100.net

Software

ESF /

Resource Hash

9ec2c4f9d69df38605bc4e3c04d18fbb25e04b3a5a6c7ca64cd3ea4670527886

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Thu, 15 Mar 2018 17:35:15 GMT
content-encoding: gzip
last-modified: Thu, 15 Mar 2018 17:35:15 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
x-xss-protection: 1; mode=block
expires: Thu, 15 Mar 2018 17:35:15 GMT

GET
S 200 css
fonts.googleapis.com/ 4 KB
741 B 18ms
16ms Stylesheet
text/css 172.217.16.170
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700

Requested by

Host: www.itafeitoparavoce.gq
URL: http://www.itafeitoparavoce.gq/un/mobi_IIII.php

Protocol

SPDY

Server

172.217.16.170 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f170.1e100.net

Software

ESF /

Resource Hash

0cbeef1cf3fbe7e0874802b1cb90e875f3bdbd49e2473bf73bd0efc1f2abac1d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Thu, 15 Mar 2018 17:35:15 GMT
content-encoding: gzip
last-modified: Thu, 15 Mar 2018 17:35:15 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
x-xss-protection: 1; mode=block
expires: Thu, 15 Mar 2018 17:35:15 GMT

GET
H/1.1 200
OK logo.png
www.itafeitoparavoce.gq/un/img/ 8 KB
8 KB 112ms
112ms Image
image/png 35.231.109.134
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itafeitoparavoce.gq/un/img/logo.png
Requested by: Host: www.itafeitoparavoce.gq
URL: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
Protocol: HTTP/1.1
Server: 35.231.109.134 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 134.109.231.35.bc.googleusercontent.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 107b6c97d3244d2421ab217986b57557deb50736b2e315fdcf939cdd8d3acb53

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.itafeitoparavoce.gq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 15 Mar 2018 17:35:15 GMT
Last-Modified: Mon, 20 Mar 2017 04:31:36 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "2026-54b2200af1a00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 8230

GET
H/1.1 200
OK one.png
www.itafeitoparavoce.gq/un/img/ 16 KB
17 KB 113ms
112ms Image
image/png 35.231.109.134
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itafeitoparavoce.gq/un/img/one.png
Requested by: Host: www.itafeitoparavoce.gq
URL: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
Protocol: HTTP/1.1
Server: 35.231.109.134 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 134.109.231.35.bc.googleusercontent.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: cba1997deaab2fae9f71ccf36d47b03ccb2c764f29aebbc5adfda18428fd6c84

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.itafeitoparavoce.gq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 15 Mar 2018 17:35:15 GMT
Last-Modified: Mon, 20 Mar 2017 04:15:48 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "4117-54b21c82dc500"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 16663

GET
H/1.1 200
OK st.png
www.itafeitoparavoce.gq/un/img/ 3 KB
3 KB 114ms
114ms Image
image/png 35.231.109.134
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itafeitoparavoce.gq/un/img/st.png
Requested by: Host: code.jquery.com
URL: http://code.jquery.com/jquery-1.11.1.min.js
Protocol: HTTP/1.1
Server: 35.231.109.134 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 134.109.231.35.bc.googleusercontent.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 919b33980b4c4d3ef4e5fe34022b46826f1cb1bc68ddbc44b051cc1b2bcc873d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.itafeitoparavoce.gq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.itafeitoparavoce.gq/un/mobi_IIII.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Thu, 15 Mar 2018 17:35:15 GMT
Last-Modified: Wed, 01 Mar 2017 02:32:42 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "ca5-549a2207ac680"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=89
Content-Length: 3237

GET
S 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v18/ 10 KB
11 KB 9ms
8ms Font
font/woff2 172.217.22.67
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: code.jquery.com
URL: http://code.jquery.com/jquery-1.11.1.min.js

Protocol

SPDY

Server

172.217.22.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f67.1e100.net

Software

sffe /

Resource Hash

4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,700
Origin: http://www.itafeitoparavoce.gq

Response headers

date: Mon, 12 Mar 2018 18:01:44 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:51 GMT
server: sffe
age: 257611
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
content-length: 10748
x-xss-protection: 1; mode=block
expires: Tue, 12 Mar 2019 18:01:44 GMT

GET
S 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v18/ 11 KB
11 KB 7ms
7ms Font
font/woff2 172.217.22.67
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: code.jquery.com
URL: http://code.jquery.com/jquery-1.11.1.min.js

Protocol

SPDY

Server

172.217.22.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f67.1e100.net

Software

sffe /

Resource Hash

1be216dbc059d96e288b0c1f399a1a80ee8c65e4c1272dbc4574bd6d23cf45d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,700
Origin: http://www.itafeitoparavoce.gq

Response headers

date: Thu, 08 Feb 2018 17:50:16 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:33:03 GMT
server: sffe
age: 3023099
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
content-length: 10764
x-xss-protection: 1; mode=block
expires: Fri, 08 Feb 2019 17:50:16 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Itau (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| jQuery111108843241443719798 function| xlxixmxixtxcxcx function| enviardados function| proximoCampo

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
www.itafeitoparavoce.gq
172.217.16.170
172.217.22.67
35.231.109.134
94.31.29.16
94.31.29.54
0cbeef1cf3fbe7e0874802b1cb90e875f3bdbd49e2473bf73bd0efc1f2abac1d
107b6c97d3244d2421ab217986b57557deb50736b2e315fdcf939cdd8d3acb53
1be216dbc059d96e288b0c1f399a1a80ee8c65e4c1272dbc4574bd6d23cf45d9
3c6adaa269b561c622f0c19681bddaba3d1d151bffaa2790b3394b0ca8b70edd
4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280
484081bfe6c76d77610eb71a6e71206fe5304d62c037f058b403592192069306
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
919b33980b4c4d3ef4e5fe34022b46826f1cb1bc68ddbc44b051cc1b2bcc873d
9ec2c4f9d69df38605bc4e3c04d18fbb25e04b3a5a6c7ca64cd3ea4670527886
c9cb17133e48ab718b3337d75ced921592134fccd75a30f0924bd57bd2d3df13
cba1997deaab2fae9f71ccf36d47b03ccb2c764f29aebbc5adfda18428fd6c84