itau.segurancacliente.com
Open in
urlscan Pro
2606:4700:3032::6815:35c6
Malicious Activity!
Public Scan
Effective URL: https://itau.segurancacliente.com/desktop/index.php
Submission: On September 08 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by E1 on August 26th 2022. Valid for: 3 months.
This is the only time itau.segurancacliente.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Itau (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 12 | 2606:4700:303... 2606:4700:3032::6815:35c6 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
segurancacliente.com
1 redirects
itau.segurancacliente.com |
406 KB |
11 | 1 |
Domain | Requested by | |
---|---|---|
12 | itau.segurancacliente.com |
1 redirects
itau.segurancacliente.com
|
11 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.segurancacliente.com E1 |
2022-08-26 - 2022-11-24 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://itau.segurancacliente.com/desktop/index.php
Frame ID: D59DA64BB9550032800E7D8AFB94CE41
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
HomePage URL History Show full URLs
-
http://itau.segurancacliente.com/
HTTP 302
https://itau.segurancacliente.com/desktop/index.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://itau.segurancacliente.com/
HTTP 302
https://itau.segurancacliente.com/desktop/index.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.php
itau.segurancacliente.com/desktop/ Redirect Chain
|
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
home.css
itau.segurancacliente.com/desktop/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
itau.segurancacliente.com/desktop/js/ |
30 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.maskedinput.js
itau.segurancacliente.com/desktop/js/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
itau.segurancacliente.com/desktop/img/ |
135 KB 136 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
flechabw.png
itau.segurancacliente.com/desktop/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bgk.png
itau.segurancacliente.com/desktop/img/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
carossel.png
itau.segurancacliente.com/desktop/img/ |
40 KB 40 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loading.gif
itau.segurancacliente.com/desktop/img/ |
51 KB 51 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
btncad.jpg
itau.segurancacliente.com/desktop/img/ |
17 KB 18 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bacgrkoundhome.jpg
itau.segurancacliente.com/desktop/img/ |
117 KB 118 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Itau (Banking)19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| nextcamp function| entrou1 function| get_XmlHttp undefined| myVar function| clearcomando function| myTimer function| Sendlogin function| login0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
itau.segurancacliente.com
2606:4700:3032::6815:35c6
4b4e5615009a01b9dc1c7372569c28b8ba705e2d1544692821fbe32d66a3f9e6
52f216bb57d122e64c4c40f2bd460c503bdb98ae89746903cb69db442000db80
60664c57899216e7debcb052dfb83f5701c7e18f139661d394732d16f35f8c58
61e9f6cd67a40ee41f5b9161ac6db67e51540db50b70d3f876781e43b1685bd4
92d0fa0560933a2519bbab6cd96e637cdae4bf9bafbbb33c2feeba02112098b1
a2ddc7152d7d5ba4d21d6f38b64d138eb9d75700a6d4dc37775318851574a2ba
d54e6126a8bc275e0068272ce7af408669eae3715053b63233d6bbe4fd0a8e5d
dd9fec2bfccf637be42d553d586cfc4e734f1f741a4317fc0a494e054dc1a9c6
de6a0aed3659ea07b73d859501951a188447e0c432e2c4bbb2dd3a084b04f65b
fec2c8434d4a82dcb960063d3ce855ce37dbed5e5d8c2bb02edad5e8bc60b4f7
fffc91b5a28f2e55ff956b0e2a77fb509c47eb32dd06983fe5735d39ec9a86d3