www.itau.com.br.us.to Open in urlscan Pro
93.157.62.90 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.itau.com.br.us.to/login.php
Effective URL:
https://www.itau.com.br.us.to/login.php
Submission: On June 09 via automatic, source openphish (June 9th 2020, 12:37:20 am UTC)

Summary HTTP 17 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 17 HTTP transactions. The main IP is 93.157.62.90, located in Russian Federation and belongs to NFORCE, NL. The main domain is www.itau.com.br.us.to.
TLS certificate: Issued by Let's Encrypt Authority X3 on June 5th 2020. Valid for: 3 months.

This is the only time www.itau.com.br.us.to was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Itau (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 2	93.157.62.90 93.157.62.90	43350 (NFORCE) (NFORCE)
16	23.37.43.25 23.37.43.25	16625 (AKAMAI-AS) (AKAMAI-AS)
17	2

2 93.157.62.90 (Russian Federation) 1 redirects

ASN43350 (NFORCE, NL)
PTR: eop-nam86.prod.protection.inmarketanalytics.com

www.itau.com.br.us.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 23.37.43.25 (Netherlands)

ASN16625 (AKAMAI-AS, US)

estatico.itau.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	itau.com.br estatico.itau.com.br	1 MB
2	us.to 1 redirects www.itau.com.br.us.to	4 KB
17	2

	Domain	Requested by
16	estatico.itau.com.br	www.itau.com.br.us.to estatico.itau.com.br
2	www.itau.com.br.us.to	1 redirects
17	2

This site contains links to these domains. Also see Links.

Domain
www.itau.com.br
guardiao.itau.com.br
itau.com.br
www.facebook.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
www.itau.com.br.us.to Let's Encrypt Authority X3	`2020-06-05` - `2020-09-03`	3 months	crt.sh
www.itau.com.br GeoTrust RSA CA 2018	`2020-03-20` - `2021-06-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.itau.com.br.us.to/login.php
Frame ID: 1AE2932E30D7D026229323A52C0D1C0D
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.itau.com.br.us.to/login.php HTTP 301
https://www.itau.com.br.us.to/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1324 kB
Transfer

4088 kB
Size

1
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: http://www.itau.com.br/computador/
Title: saiba mais

Search URL Search Domain Scan URL

URL: https://guardiao.itau.com.br/UpdateServer/aplicativoitau.msi
Title: instalar

Search URL Search Domain Scan URL

URL: http://itau.com.br/sobre/
Title: Sobre o Itaú

Search URL Search Domain Scan URL

URL: http://itau.com.br/seguranca/
Title: Mais segurança

Search URL Search Domain Scan URL

URL: http://itau.com.br/atendimento/
Title: Precisa de ajuda?

Search URL Search Domain Scan URL

URL: http://www.facebook.com/itau

Search URL Search Domain Scan URL

URL: https://twitter.com/itau

Search URL Search Domain Scan URL

URL: http://www.youtube.com/user/BancoItau

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.itau.com.br.us.to/login.php HTTP 301
https://www.itau.com.br.us.to/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set login.php Show response www.itau.com.br.us.to/ Redirect Chain http://www.itau.com.br.us.to/login.php https://www.itau.com.br.us.to/login.php	11 KB 4 KB	138ms 33ms	Document text/html	93.157.62.90 NFORCE
General Check archive.org Show headers Download Go to Full URL https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 93.157.62.90 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS eop-nam86.prod.protection.inmarketanalytics.com Software nginx / PHP/5.3.3 Resource Hash `d96e092417912f5881be71800a3e4c594b636d799228303bca655e6331a51d1c` Request headers Host www.itau.com.br.us.to Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Server nginx Date Mon, 08 Jun 2020 22:35:51 GMT Content-Type text/html Transfer-Encoding chunked Connection close X-Powered-By PHP/5.3.3 Set-Cookie agencia=deleted; expires=Sun, 09-Jun-2019 22:35:50 GMT conta=- Content-Encoding gzip Redirect headers Server nginx Date Mon, 08 Jun 2020 22:35:51 GMT Content-Type text/html Content-Length 162 Connection keep-alive Location https://www.itau.com.br.us.to/login.php
GET H/1.1	200 OK	normalize.css estatico.itau.com.br/ibanking/commons/css/	8 KB 4 KB	127ms 34ms	Stylesheet text/css	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://estatico.itau.com.br/ibanking/commons/css/normalize.css Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `b5da2535938d1f28235c349dfd95e602eab8e837b885c8fc5459818b28897917` Request headers Referer https://www.itau.com.br.us.to/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Content-Encoding gzip Last-Modified Tue, 02 Jun 2020 14:59:48 GMT ETag "626e1-1e37-5a71b29a22100" Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control max-age=72657 Connection keep-alive Accept-Ranges bytes Content-Length 3333 Expires Tue, 09 Jun 2020 20:47:40 GMT
GET H/1.1	200 OK	bootstrap.min_161019.css estatico.itau.com.br/ibanking/commons/css/	203 KB 29 KB	145ms 52ms	Stylesheet text/css	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://estatico.itau.com.br/ibanking/commons/css/bootstrap.min_161019.css Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `df81555903269b534df2fc03456df06262033741338bb9293db14175fc978b38` Request headers Referer https://www.itau.com.br.us.to/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Content-Encoding gzip Last-Modified Wed, 16 Oct 2019 19:36:39 GMT ETag "1024a1-32d19-5950c38399fc0" Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control max-age=72680 Connection keep-alive Accept-Ranges bytes Content-Length 28833 Expires Tue, 09 Jun 2020 20:48:03 GMT
GET H/1.1	200 OK	acessibilidade-novainternet_051119.css estatico.itau.com.br/ibanking/commons/css/pessoa-fisica/	55 KB 11 KB	128ms 36ms	Stylesheet text/css	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://estatico.itau.com.br/ibanking/commons/css/pessoa-fisica/acessibilidade-novainternet_051119.css Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `4a491bb28773d9f68ab5c3c65741aa1b0de90f3869f336cb068d3846898ca270` Request headers Referer https://www.itau.com.br.us.to/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Content-Encoding gzip Last-Modified Tue, 05 Nov 2019 23:58:57 GMT ETag "1211a4-dddd-596a2371bf240" Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control max-age=72677 Connection keep-alive Accept-Ranges bytes Content-Length 10672 Expires Tue, 09 Jun 2020 20:48:00 GMT
GET H/1.1	200 OK	angularjs-iwebcomponents-pf.css estatico.itau.com.br/ibanking/commons/css/pessoa-fisica/	280 KB 141 KB	136ms 43ms	Stylesheet text/css	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://estatico.itau.com.br/ibanking/commons/css/pessoa-fisica/angularjs-iwebcomponents-pf.css Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `5b0c6d201599f75aa757f23b9ea21c836a844b3fb3896544d8914a24023b674f` Request headers Referer https://www.itau.com.br.us.to/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Content-Encoding gzip Last-Modified Tue, 02 Jun 2020 14:59:48 GMT ETag "a046f-4603a-5a71b29a22100" Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control max-age=72646 Connection keep-alive Accept-Ranges bytes Content-Length 144505 Expires Tue, 09 Jun 2020 20:47:29 GMT
GET H/1.1	200 OK	itau-style.css estatico.itau.com.br/ibanking/commons/css/pessoa-fisica/	404 KB 83 KB	146ms 53ms	Stylesheet text/css	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://estatico.itau.com.br/ibanking/commons/css/pessoa-fisica/itau-style.css Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `03153f390c51b94da9f8377d25bf8c17fbfc8d10216104f8a8c6282aadfedf81` Request headers Referer https://www.itau.com.br.us.to/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Content-Encoding gzip Last-Modified Tue, 02 Jun 2020 14:59:48 GMT ETag "1211a3-650d4-5a71b29a22100" Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control max-age=72586 Connection keep-alive Accept-Ranges bytes Content-Length 84824 Expires Tue, 09 Jun 2020 20:46:29 GMT
GET H/1.1	200 OK	itau-header.css estatico.itau.com.br/ibanking/commons/css/	62 KB 12 KB	136ms 41ms	Stylesheet text/css	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://estatico.itau.com.br/ibanking/commons/css/itau-header.css Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `dcb3b74842eff1cf9479b9578b75d5841113479809407d799d847b321c86e94f` Request headers Referer https://www.itau.com.br.us.to/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Content-Encoding gzip Last-Modified Tue, 02 Jun 2020 14:59:48 GMT ETag "626f5-f6ae-5a71b29a22100" Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control max-age=72620 Connection keep-alive Accept-Ranges bytes Content-Length 11706 Expires Tue, 09 Jun 2020 20:47:03 GMT
GET H/1.1	200 OK	itau-footer.css estatico.itau.com.br/ibanking/commons/css/	4 KB 1 KB	161ms 34ms	Stylesheet text/css	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://estatico.itau.com.br/ibanking/commons/css/itau-footer.css Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `93622f43a63e42bf97f01bb7010e660412f54c4d5d3d6f84ce50333beebc8fad` Request headers Referer https://www.itau.com.br.us.to/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Content-Encoding gzip Last-Modified Tue, 02 Jun 2020 14:59:48 GMT ETag "1020a6-ed8-5a71b29a22100" Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control max-age=72644 Connection keep-alive Accept-Ranges bytes Content-Length 1052 Expires Tue, 09 Jun 2020 20:47:27 GMT
GET H/1.1	200 OK	chosen.css estatico.itau.com.br/ibanking/commons/css/chosen/	13 KB 3 KB	170ms 33ms	Stylesheet text/css	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://estatico.itau.com.br/ibanking/commons/css/chosen/chosen.css Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `538818d855c973751510b1d7923c1d784c02c83d88924616aa397a9ee96c7a4a` Request headers Referer https://www.itau.com.br.us.to/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Content-Encoding gzip Last-Modified Tue, 02 Jun 2020 14:59:48 GMT ETag "101f7a-3251-5a71b29a22100" Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control max-age=72635 Connection keep-alive Accept-Ranges bytes Content-Length 2754 Expires Tue, 09 Jun 2020 20:47:18 GMT
GET H/1.1	200 OK	libs.js Show response estatico.itau.com.br/ibanking/distribution/libs/1.0.33/	3 MB 797 KB	180ms 43ms	Script text/javascript	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://estatico.itau.com.br/ibanking/distribution/libs/1.0.33/libs.js Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `95d5af37c95ec724b78c3ed80e0ab5990bbe1550038be64f9ad671690964dc5b` Request headers Referer https://www.itau.com.br.us.to/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Content-Encoding gzip Last-Modified Fri, 06 Mar 2020 16:07:47 GMT ETag "be3-281339-5a031dab9bac0" Vary Accept-Encoding Content-Type text/javascript Access-Control-Allow-Origin * Cache-Control max-age=74911 Connection keep-alive Accept-Ranges bytes Content-Length 816121 Expires Tue, 09 Jun 2020 21:25:14 GMT
GET H/1.1	200 OK	front.js Show response estatico.itau.com.br/ibanking/distribution/front/1.1.1/	332 KB 86 KB	188ms 38ms	Script text/javascript	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://estatico.itau.com.br/ibanking/distribution/front/1.1.1/front.js Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `f04eaa27c9555248f6d3a0c02b551d878797415342114e275f342fde652014fb` Request headers Referer https://www.itau.com.br.us.to/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Content-Encoding gzip Last-Modified Tue, 31 Mar 2020 21:31:53 GMT ETag "a0590-52f19-5a22d4bd48440" Vary Accept-Encoding Content-Type text/javascript Access-Control-Allow-Origin * Cache-Control max-age=72684 Connection keep-alive Accept-Ranges bytes Content-Length 87374 Expires Tue, 09 Jun 2020 20:48:07 GMT
GET H/1.1	200 OK	logo-itau.png estatico.itau.com.br/ibanking/commons/img/	6 KB 7 KB	36ms 35ms	Image image/png	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://estatico.itau.com.br/ibanking/commons/img/logo-itau.png Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `0c489fc6a4d1005640a88bfc3f670615236d9a28f2d024a309a5967502be49ac` Request headers Referer https://www.itau.com.br.us.to/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Last-Modified Tue, 02 Jun 2020 14:59:51 GMT ETag "1014ed-19f6-5a71b29cfe7c0" Content-Type image/png Access-Control-Allow-Origin * Cache-Control max-age=72679 Connection keep-alive Accept-Ranges bytes Content-Length 6646 Expires Tue, 09 Jun 2020 20:48:02 GMT
GET H/1.1	200 OK	bg-itau.gif estatico.itau.com.br/ibanking/commons/img/	22 KB 22 KB	38ms 37ms	Image image/gif	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://estatico.itau.com.br/ibanking/commons/img/bg-itau.gif Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `4de407fc76d38586d90abfe4dae2528b49066ba4745db0c38fa78c99c939f8e8` Request headers Referer https://estatico.itau.com.br/ibanking/commons/css/pessoa-fisica/itau-style.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Last-Modified Tue, 02 Jun 2020 14:59:49 GMT ETag "610c3-589e-5a71b29b16340" Content-Type image/gif Access-Control-Allow-Origin * Cache-Control max-age=72635 Connection keep-alive Accept-Ranges bytes Content-Length 22686 Expires Tue, 09 Jun 2020 20:47:18 GMT
GET H/1.1	200 OK	stroke-internet_computador-45x45.png estatico.itau.com.br/ibanking/commons/img/icones/warning/laranja/	1 KB 1 KB	35ms 34ms	Image image/png	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://estatico.itau.com.br/ibanking/commons/img/icones/warning/laranja/stroke-internet_computador-45x45.png Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `0edc35ba4d8865809fb961815d1161fbf8ba2c3913c8af1084e2d6913217c1d1` Request headers Referer https://estatico.itau.com.br/ibanking/commons/css/pessoa-fisica/itau-style.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Last-Modified Tue, 02 Jun 2020 14:59:50 GMT ETag "6227a-4b1-5a71b29c0a580" Content-Type image/png Access-Control-Allow-Origin * Cache-Control max-age=73392 Connection keep-alive Accept-Ranges bytes Content-Length 1201 Expires Tue, 09 Jun 2020 20:59:55 GMT
GET H/1.1	200 OK	sprite-icon-peq.png estatico.itau.com.br/ibanking/commons/img/	118 KB 118 KB	34ms 33ms	Image image/png	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://estatico.itau.com.br/ibanking/commons/img/sprite-icon-peq.png Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `5977c3dbce96535178589debd3760c749cf49a68ee3d20d9b5ff398ae002c78e` Request headers Referer https://estatico.itau.com.br/ibanking/commons/css/pessoa-fisica/itau-style.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Last-Modified Tue, 02 Jun 2020 14:59:51 GMT ETag "101eef-1d86a-5a71b29cfe7c0" Content-Type image/png Access-Control-Allow-Origin * Cache-Control max-age=72722 Connection keep-alive Accept-Ranges bytes Content-Length 120938 Expires Tue, 09 Jun 2020 20:48:45 GMT
GET H/1.1	200 OK	bullet-default.png estatico.itau.com.br/ibanking/commons/img/	946 B 1 KB	33ms 33ms	Image image/png	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://estatico.itau.com.br/ibanking/commons/img/bullet-default.png Requested by Host: www.itau.com.br.us.to URL: https://www.itau.com.br.us.to/login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `e4dab87b71e063c9460592c99ac38a8471ba8a6e5251d0bb08bc66af5be0f1dc` Request headers Referer https://estatico.itau.com.br/ibanking/commons/css/pessoa-fisica/itau-style.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Last-Modified Tue, 02 Jun 2020 14:59:49 GMT ETag "61143-3b2-5a71b29b16340" Content-Type image/png Access-Control-Allow-Origin * Cache-Control max-age=72608 Connection keep-alive Accept-Ranges bytes Content-Length 946 Expires Tue, 09 Jun 2020 20:46:51 GMT
GET H/1.1	200 OK	sprite-social.png estatico.itau.com.br/ibanking/commons/img/	3 KB 3 KB	35ms 34ms	Image image/png	23.37.43.25 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://estatico.itau.com.br/ibanking/commons/img/sprite-social.png Requested by Host: estatico.itau.com.br URL: https://estatico.itau.com.br/ibanking/distribution/libs/1.0.33/libs.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.43.25 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS Software / Resource Hash `7c39a17d06e60246090b71f94008de8ef7bcd2ad59189376f02e3273ae9e9de4` Request headers Referer https://estatico.itau.com.br/ibanking/commons/css/itau-footer.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Jun 2020 00:36:43 GMT Last-Modified Tue, 02 Jun 2020 14:59:51 GMT ETag "611ea-af8-5a71b29cfe7c0" Content-Type image/png Access-Control-Allow-Origin * Cache-Control max-age=72701 Connection keep-alive Accept-Ranges bytes Content-Length 2808 Expires Tue, 09 Jun 2020 20:48:24 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Itau (Banking)

158 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.itau.com.br.us.to/	1969-12-31 23:59:59	Name: conta Value: -

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

estatico.itau.com.br
www.itau.com.br.us.to
23.37.43.25
93.157.62.90
03153f390c51b94da9f8377d25bf8c17fbfc8d10216104f8a8c6282aadfedf81
0c489fc6a4d1005640a88bfc3f670615236d9a28f2d024a309a5967502be49ac
0edc35ba4d8865809fb961815d1161fbf8ba2c3913c8af1084e2d6913217c1d1
4a491bb28773d9f68ab5c3c65741aa1b0de90f3869f336cb068d3846898ca270
4de407fc76d38586d90abfe4dae2528b49066ba4745db0c38fa78c99c939f8e8
538818d855c973751510b1d7923c1d784c02c83d88924616aa397a9ee96c7a4a
5977c3dbce96535178589debd3760c749cf49a68ee3d20d9b5ff398ae002c78e
5b0c6d201599f75aa757f23b9ea21c836a844b3fb3896544d8914a24023b674f
7c39a17d06e60246090b71f94008de8ef7bcd2ad59189376f02e3273ae9e9de4
93622f43a63e42bf97f01bb7010e660412f54c4d5d3d6f84ce50333beebc8fad
95d5af37c95ec724b78c3ed80e0ab5990bbe1550038be64f9ad671690964dc5b
b5da2535938d1f28235c349dfd95e602eab8e837b885c8fc5459818b28897917
d96e092417912f5881be71800a3e4c594b636d799228303bca655e6331a51d1c
dcb3b74842eff1cf9479b9578b75d5841113479809407d799d847b321c86e94f
df81555903269b534df2fc03456df06262033741338bb9293db14175fc978b38
e4dab87b71e063c9460592c99ac38a8471ba8a6e5251d0bb08bc66af5be0f1dc
f04eaa27c9555248f6d3a0c02b551d878797415342114e275f342fde652014fb

www.itau.com.br.us.to Open in urlscan Pro 93.157.62.90 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

1324 kBTransfer

4088 kBSize

1 Cookies

8 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

158 JavaScript Global Variables

1 Cookies

Indicators

www.itau.com.br.us.to Open in urlscan Pro
93.157.62.90 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1324 kB
Transfer

4088 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!