www.millennium-secure-verification-cod.rlweb.com.br
162.221.187.186  Malicious Activity! Public Scan

URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Submission: On September 07 via automatic, source certstream-suspicious

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 19 HTTP transactions. The main IP is 162.221.187.186, located in Orlando, United States and belongs to DIMENOC, US. The main domain is www.millennium-secure-verification-cod.rlweb.com.br.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 7th 2020. Valid for: 3 months.
This is the only time www.millennium-secure-verification-cod.rlweb.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank Millenium (Banking)

Domain & IP information

IP Address AS Autonomous System
16 162.221.187.186 33182 (DIMENOC)
1 2a00:1450:400... 15169 (GOOGLE)
1 3 193.201.167.115 25055 (BBG-PL-AS)
19 3
Domain Requested by
16 www.millennium-secure-verification-cod.rlweb.com.br www.millennium-secure-verification-cod.rlweb.com.br
3 wt.bankmillennium.pl 1 redirects www.millennium-secure-verification-cod.rlweb.com.br
1 fonts.googleapis.com www.millennium-secure-verification-cod.rlweb.com.br
19 3

This site contains links to these domains.

Domain
www.bankmillennium.pl
Subject: millennium-secure-verification-cod.rlweb.com.br
Issuer: cPanel, Inc. Certification Authority
Validity: 2020-09-07 - 2020-12-06
Valid: 3 months

Subject: upload.video.google.com
Issuer: GTS CA 1O1
Validity: 2020-08-19 - 2020-11-11
Valid: 3 months

Subject: wt.bankmillennium.pl
Issuer: GeoTrust RSA CA 2018
Validity: 2020-03-23 - 2022-04-22
Valid: 2 years

This page contains 1 frames:

Primary Page: https://www.millennium-secure-verification-cod.rlweb.com.br/
Frame ID: C77140FC466920D49A5946384C039CB5
Requests: 19 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

19
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

3863 kB
Transfer

3886 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • https://wt.bankmillennium.pl/dcse8mch2u63fnedziw0v82y2_2z2s/dcs.gif?&dcsdat=1599515968572&dcssip=www.millennium-secure-verification-cod.rlweb.com.br&dcsuri=Login_MulticodeRequest&dcsqry=%3Fnode=Login_MulticodeRequest&sp=1&WT.tz=2&WT.bh=23&WT.ul=en-US&WT.cd=24&WT.sr=1600x1200&WT.jo=No&WT.ti=Logowanie%20-%20Bank%20Millennium&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1600x1200&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=1&WT.es=www.millennium-secure-verification-cod.rlweb.com.br/&WT.vt_f_a=2&WT.vt_f=2&lang=PL HTTP 303
  • https://wt.bankmillennium.pl/dcse8mch2u63fnedziw0v82y2_2z2s/dcs.gif?dcsredirect=1&dcsdat=1599515968572&dcssip=www.millennium-secure-verification-cod.rlweb.com.br&dcsuri=Login_MulticodeRequest&dcsqry=%3Fnode=Login_MulticodeRequest&sp=1&WT.tz=2&WT.bh=23&WT.ul=en-US&WT.cd=24&WT.sr=1600x1200&WT.jo=No&WT.ti=Logowanie%20-%20Bank%20Millennium&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1600x1200&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=1&WT.es=www.millennium-secure-verification-cod.rlweb.com.br/&WT.vt_f_a=2&WT.vt_f=2&lang=PL

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.millennium-secure-verification-cod.rlweb.com.br/
131 KB
131 KB
Document
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
cec872afd25546cd6d68d03c4d3b55a0f8b311f54454bd287470ee2ebfd18257

Request headers

Host
www.millennium-secure-verification-cod.rlweb.com.br
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Mon, 07 Sep 2020 21:59:26 GMT
Server
Apache
Last-Modified
Sun, 06 Sep 2020 17:07:10 GMT
ETag
"78e0c68-20abd-5aea821e5cb80"
Accept-Ranges
bytes
Content-Length
133821
Keep-Alive
timeout=3, max=500
Connection
Keep-Alive
Content-Type
text/html
jquery.js
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
1015 KB
1016 KB
Script
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/jquery.js
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
142bae13ed3aa552af239f58ae7e6cf8ff0f186daa1cb544455ba4c2e40c438f

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:27 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:48 GMT
Server
Apache
ETag
"78e15a7-fdcf7-5aea7c006dd00"
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=499
Content-Length
1039607
WebResource.css
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
1 MB
1 MB
Stylesheet
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/WebResource.css
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
c54e7b07d263c65695f5256000e59e601c403da19dae63d105f31fe8a86dcb40

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:27 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:50 GMT
Server
Apache
ETag
"78e15a5-10f00c-5aea7c0256180"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=499
Content-Length
1110028
WebResource2.css
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
1 MB
1 MB
Stylesheet
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/WebResource2.css
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
35d813e374c5c582e9846b71f39199912a85b1652bfa03a19bb7e33590e81cdd

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:27 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:50 GMT
Server
Apache
ETag
"78e1599-11059a-5aea7c0256180"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=500
Content-Length
1115546
Script.css
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
1 KB
1 KB
Stylesheet
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Script.css
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
d986183f02501f64d6bac90be7c73ad27f91fbd82a2ccf082d276378d1043fb0

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:27 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:54 GMT
Server
Apache
ETag
"78e15a4-485-5aea7c0626a80"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=500
Content-Length
1157
Script2.css
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
13 KB
13 KB
Stylesheet
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Script2.css
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
51584e115c173523d82c30e541d419de2e45423c181eac68b3561b0bd67131bd

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:27 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:54 GMT
Server
Apache
ETag
"78e159d-330a-5aea7c0626a80"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=500
Content-Length
13066
Script3.css
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
12 KB
12 KB
Stylesheet
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Script3.css
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
dbb1c732fcde3f2d3d52e817e1582d8e185ce7a8697928dd34d66780f84d4a15

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:27 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:52 GMT
Server
Apache
ETag
"78e159b-2eef-5aea7c043e600"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=500
Content-Length
12015
Script4.css
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
205 KB
205 KB
Stylesheet
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Script4.css
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
34b512fedf7c51bf90a2ca0b668ae944a3910088a7e2d0fb499589e1f7c21a8b

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:27 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:52 GMT
Server
Apache
ETag
"78e159a-33334-5aea7c043e600"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=499
Content-Length
209716
css2
fonts.googleapis.com/
30 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7589e86ab13dfda1eb97faa2cbae63b1bd5600ad780d08feb8dd864b057f466d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 07 Sep 2020 21:05:57 GMT
server
ESF
date
Mon, 07 Sep 2020 21:59:27 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 07 Sep 2020 21:59:27 GMT
Logo@1x.png
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Images/Login/
4 KB
4 KB
Image
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Images/Login/Logo@1x.png
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
bb0059e1aa177fc2cd1b0a1fb3ffa283a60b13ee985e400b00a6791adf28d3f7

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:28 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:56 GMT
Server
Apache
ETag
"78e15ab-f33-5aea7c080ef00"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=500
Content-Length
3891
Logo@2x.png
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Images/Login/
8 KB
8 KB
Image
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Images/Login/Logo@2x.png
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
436609738417e32a22105cf07cadebabde9df366054b20540e135eb6599ef144

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:28 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:56 GMT
Server
Apache
ETag
"78e15ad-1e2d-5aea7c080ef00"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=497
Content-Length
7725
Script.js
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
54 KB
54 KB
Script
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Script.js
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
7933a007fdc559af07f285c715d81b2b9cf8bcd65bbef4799c71528b870e163b

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:28 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:54 GMT
Server
Apache
ETag
"78e159f-d89a-5aea7c0626a80"
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=499
Content-Length
55450
Script2.js
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
24 KB
24 KB
Script
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Script2.js
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
3c06d4b0aa913d37163cd1bcba4972e7c5e491977bb250c909479359ff5cdd28

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:28 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:54 GMT
Server
Apache
ETag
"78e15a2-60c3-5aea7c0626a80"
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=498
Content-Length
24771
Script3.js
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
2 KB
2 KB
Script
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Script3.js
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
a23239d81276e94f76b13b5f5949d700f555e8dd9d2a9888732870f58cac4737

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:28 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:52 GMT
Server
Apache
ETag
"78e15a6-7a9-5aea7c043e600"
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=498
Content-Length
1961
Script4.js
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
52 KB
52 KB
Script
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Script4.js
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
22879ad6c25054c595493e26ba62d96adb867e100aebfb5f5a20321cb0cf06cc

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:28 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:52 GMT
Server
Apache
ETag
"78e1593-cf8c-5aea7c043e600"
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=498
Content-Length
53132
Script5.js
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
163 KB
163 KB
Script
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/Script5.js
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
843257bd9f9a9f2d33ff26087562f4ca74328155874f9dedf1826153a5770b88

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:28 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:52 GMT
Server
Apache
ETag
"78e1598-28a79-5aea7c043e600"
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=498
Content-Length
166521
WebResource.js
www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/
57 B
345 B
Script
General
Full URL
https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/WebResource.js
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.221.187.186 Orlando, United States, ASN33182 (DIMENOC, US),
Reverse DNS
server.dedicadomvf3.com
Software
Apache /
Resource Hash
c2790c63c364bc0f6117a0886ace86ae0f4f72c8acaa37aa6ccc6cf2778bba0e

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:28 GMT
Last-Modified
Sun, 06 Sep 2020 16:39:50 GMT
Server
Apache
ETag
"78e1596-39-5aea7c0256180"
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=499
Content-Length
57
wtid.js
wt.bankmillennium.pl/dcse8mch2u63fnedziw0v82y2_2z2s/
66 B
516 B
Script
General
Full URL
https://wt.bankmillennium.pl/dcse8mch2u63fnedziw0v82y2_2z2s/wtid.js
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/osobiste2/jquery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.201.167.115 Karczew, Poland, ASN25055 (BBG-PL-AS, PL),
Reverse DNS
www.wt.bankmillennium.pl
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
8b46e13520119482b14b400ba01a5d677415e10a972322f02c38606c092771e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma
no-cache
Date
Mon, 07 Sep 2020 21:59:28 GMT
X-wtid
sent
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
no-cache
Connection
close
Content-Length
66
Expires
-1
dcs.gif
wt.bankmillennium.pl/dcse8mch2u63fnedziw0v82y2_2z2s/
Redirect Chain
  • https://wt.bankmillennium.pl/dcse8mch2u63fnedziw0v82y2_2z2s/dcs.gif?&dcsdat=1599515968572&dcssip=www.millennium-secure-verification-cod.rlweb.com.br&dcsuri=Login_MulticodeRequest&dcsqry=%3Fnode=Log...
  • https://wt.bankmillennium.pl/dcse8mch2u63fnedziw0v82y2_2z2s/dcs.gif?dcsredirect=1&dcsdat=1599515968572&dcssip=www.millennium-secure-verification-cod.rlweb.com.br&dcsuri=Login_MulticodeRequest&dcsqr...
43 B
573 B
Image
General
Full URL
https://wt.bankmillennium.pl/dcse8mch2u63fnedziw0v82y2_2z2s/dcs.gif?dcsredirect=1&dcsdat=1599515968572&dcssip=www.millennium-secure-verification-cod.rlweb.com.br&dcsuri=Login_MulticodeRequest&dcsqry=%3Fnode=Login_MulticodeRequest&sp=1&WT.tz=2&WT.bh=23&WT.ul=en-US&WT.cd=24&WT.sr=1600x1200&WT.jo=No&WT.ti=Logowanie%20-%20Bank%20Millennium&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1600x1200&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=1&WT.es=www.millennium-secure-verification-cod.rlweb.com.br/&WT.vt_f_a=2&WT.vt_f=2&lang=PL
Requested by
Host: www.millennium-secure-verification-cod.rlweb.com.br
URL: https://www.millennium-secure-verification-cod.rlweb.com.br/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.201.167.115 Karczew, Poland, ASN25055 (BBG-PL-AS, PL),
Reverse DNS
www.wt.bankmillennium.pl
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9327663db171e3c01e351f3f5562ee5ed8f3d6bde6a7da57d966997f1a4b7a57
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.millennium-secure-verification-cod.rlweb.com.br/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 07 Sep 2020 21:59:28 GMT
Last-Modified
Thu, 13 Feb 2020 11:22:02 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
ETag
"0e931d05fe2d51:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Connection
close
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43

Redirect headers

Date
Mon, 07 Sep 2020 21:59:28 GMT
Last-Modified
Thu, 13 Feb 2020 11:22:02 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
ETag
"0e931d05fe2d51:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3P
CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Location
/dcse8mch2u63fnedziw0v82y2_2z2s/dcs.gif?dcsredirect=1&dcsdat=1599515968572&dcssip=www.millennium-secure-verification-cod.rlweb.com.br&dcsuri=Login_MulticodeRequest&dcsqry=%3Fnode=Login_MulticodeRequest&sp=1&WT.tz=2&WT.bh=23&WT.ul=en-US&WT.cd=24&WT.sr=1600x1200&WT.jo=No&WT.ti=Logowanie%20-%20Bank%20Millennium&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1600x1200&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=1&WT.es=www.millennium-secure-verification-cod.rlweb.com.br/&WT.vt_f_a=2&WT.vt_f=2&lang=PL
Connection
close
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
0

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank Millenium (Banking)

87 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| WebTrends function| dcsMultiTrack function| dcsDebug function| $ function| jQuery object| Modernizr object| eh object| jl object| mnUtils object| advert object| d undefined| iev boolean| ieold boolean| trident number| rv object| browserInfo function| WebTrendsOpenedBannerManagement function| AddWebTrendsButtonNextLoginAuthentication function| AddWebTrendsScreenViewLoginAuthentication function| AddWebTrendsButtonNext function| AddWebTrendsLink function| AddWebTrendsScreenView function| AddWebTrendsButtonClose function| DoResetPasswordWebTrends function| DoRetrievalWebTrends function| AddWebTrendsMoreDetailsWizard function| AddWebTrendsCheckboxWizard function| AddWebTrendsTextBoxWizard function| AddWebTrendsDateWizard function| AddWebTrendsRadioWizard function| topMenuAltChanged function| applyLeftInfoContent function| setLoginBoxHeight function| validateHelpBoxDescription function| pageHelp function| AddWebTrendsLinksEvents function| LogEventInDsc function| GenerateWebTrendId function| RetrieveLastNotEmptyValue function| handleAjaxError function| checkPositionAndApplyResponsive function| checkMenuName function| stickyFooter function| ToggleShortcutsPinnedButton function| GetCurrentProcessName function| LayoutCheck function| UpdateLogoutCounter function| ProlongSessionToken object| Base64 object| _0x4653 function| _0x2b31 function| Fingerprint2 function| logCampaignModalShown function| logSpouseModalShown function| initCampaignModalTooltip function| initSpouseModal function| applyResponsiveToModal function| getModalHeights function| initLegalNoteTooltip function| onCampaignModalTooltipClose function| onCampaignModalTooltipShow function| createWebTrendsClickValue function| onSpouseModalShow function| BindCurrentAccounts function| BindSavingAccounts function| BindCards function| BindInsurances function| BindFrequentBeneficiaries function| ResizeGoals function| ResizeCards function| BindPlaner function| BindOnboarding function| ShowMGM 
function| OnboardingChangeProduct function| GetOnboardingAction function| GetOnboardingAnswerTree function| OnboardingRedirectToProcess function| OnboardingSetAnswer undefined| _jScrollPaneApi undefined| resizeTimer object| d3 object| _tag string| gTempWtId string| applicationBaseUrl boolean| confirm_end function| checkCustom

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
