untxi.com.br
162.241.203.171
Malicious Activity!
Public Scan
Submission: On April 17 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 12th 2023. Valid for: 3 months.
This is the only time untxi.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Scotiabank (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
8 | 162.241.203.171 | 19871 (NETWORK-SOLUTIONS-HOSTING)
8 | 1 |

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-203-171.unifiedlayer.com
untxi.com.br

Requests | Apex Domain / Subdomains | Transfer
---|---|---
8 | untxi.com.br (subdomains: untxi.com.br) | 242 KB
8 | 1 |

Requests | Domain | Requested by
---|---|---
8 | untxi.com.br | untxi.com.br
8 | 1 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
mail.untxi.com.br | R3 | 2023-03-12 - 2023-06-10 | 3 months
This page contains 1 frames:
Primary Page:
https://untxi.com.br/acc-usr-rbuncxx-username-4128942910510210420412521/?idm=bWV0YUBnb2wuY29t&F105113119N114117111=
Frame ID: 17D6286CA4DF640F64C163BF48AD281B
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET H2 | / (Primary Request) | untxi.com.br/acc-usr-rbuncxx-username-4128942910510210420412521/ | 68 KB | 20 KB | Document | text/html
GET H2 | jquery.min.js | untxi.com.br/acc-usr-rbuncxx-username-4128942910510210420412521/datainf/ | 95 KB | 42 KB | Script | application/javascript
GET H2 | jsdata.min.js | untxi.com.br/acc-usr-rbuncxx-username-4128942910510210420412521/datainf/ | 917 B | 548 B | Script | application/javascript
GET H2 | styles.css | untxi.com.br/acc-usr-rbuncxx-username-4128942910510210420412521/datainf/ | 326 KB | 103 KB | Stylesheet | text/css
POST H2 | index.php | untxi.com.br/acc-usr-rbuncxx-username-4128942910510210420412521/ | 0 | 41 B | XHR | text/html
GET H2 | 8424a042624210828b0fbe7a8c533b2a.woff2 | untxi.com.br/acc-usr-rbuncxx-username-4128942910510210420412521/datainf/ | 23 KB | 24 KB | Font | font/woff2
GET H2 | fd1c0f449fc8540f82c47e1629cbd5dd.woff2 | untxi.com.br/acc-usr-rbuncxx-username-4128942910510210420412521/datainf/ | 23 KB | 23 KB | Font | font/woff2
GET H2 | 8fd30bd010d9e2c7677ec339685f958b.woff | untxi.com.br/acc-usr-rbuncxx-username-4128942910510210420412521/datainf/ | 30 KB | 30 KB | Font | font/woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Scotiabank (Banking)

20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
boolean | credentialless
function | $
function | jQuery
object | canvas
object | gl
string | platform
object | debugInfo
string | vendor
string | renderer
number | width
number | width2
number | height
number | height2
number | color_depth
number | bitspp
number | ram
string | s
object | xhr
string | ret_js
string | html

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.