consultasitau.xyz Open in urlscan Pro
23.184.48.25 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://consultasitau.xyz/
Effective URL:
https://consultasitau.xyz/
Submission: On November 19 via api (November 19th 2024, 2:51:08 pm UTC) from BR — Scanned from US

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 23.184.48.25, located in Liberty Lake, United States and belongs to INCOGNET IncogNET LLC, US. The main domain is consultasitau.xyz.
TLS certificate: Issued by E6 on November 18th 2024. Valid for: 3 months.

This is the only time consultasitau.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Itau (Banking)

Domain & IP information

	IP Address		AS Autonomous System
12	23.184.48.25 23.184.48.25		210630 (INCOGNET ...) (INCOGNET IncogNET LLC)
12	1

12 23.184.48.25 (Liberty Lake, United States)

ASN210630 (INCOGNET IncogNET LLC, US)

consultasitau.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	consultasitau.xyz consultasitau.xyz	227 KB
12	1

	Domain	Requested by
12	consultasitau.xyz	consultasitau.xyz
12	1

This site contains no links.

Subject Issuer	Validity	Valid
consultasitau.xyz E6	`2024-11-18` - `2025-02-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://consultasitau.xyz/
Frame ID: EA374E9AAD2933DA83C3659B883BB8B6
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Itau Card | Identificação

Page URL History Show full URLs

http://consultasitau.xyz/ HTTP 307
https://consultasitau.xyz/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

227 kB
Transfer

285 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://consultasitau.xyz/ HTTP 307
https://consultasitau.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response consultasitau.xyz/ Redirect Chain http://consultasitau.xyz/ https://consultasitau.xyz/	2 KB 1 KB	1380ms 104ms	Document text/html	23.184.48.25 INCOGNET IncogNET...
General Check archive.org Show headers Download Go to Full URL https://consultasitau.xyz/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.184.48.25 Liberty Lake, United States, ASN210630 (INCOGNET IncogNET LLC, US), Reverse DNS Software Apache/2.4.58 (Ubuntu) / Resource Hash `324ff091d0784d0d7f9a134ac78c058ae5d6577c76fe7d06711ebccb0ab95ecc` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 806 Content-Type text/html; charset=UTF-8 Date Tue, 19 Nov 2024 14:51:02 GMT Keep-Alive timeout=5, max=100 Server Apache/2.4.58 (Ubuntu) Vary Accept-Encoding Redirect headers Location https://consultasitau.xyz/ Non-Authoritative-Reason HttpsUpgrades
GET H/1.1	200 OK	jquery-3.2.1.min.js Show response consultasitau.xyz/js/	85 KB 30 KB	110ms 108ms	Script text/javascript	23.184.48.25 INCOGNET IncogNET...
General Check archive.org Show headers Download Go to Full URL https://consultasitau.xyz/js/jquery-3.2.1.min.js Requested by Host: consultasitau.xyz URL: https://consultasitau.xyz/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.184.48.25 Liberty Lake, United States, ASN210630 (INCOGNET IncogNET LLC, US), Reverse DNS Software Apache/2.4.58 (Ubuntu) / Resource Hash `87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://consultasitau.xyz/ Response headers Content-Encoding gzip ETag "15283-62417a05e7e8d-gzip" Connection Keep-Alive Accept-Ranges bytes Content-Length 30138 Keep-Alive timeout=5, max=99 Date Tue, 19 Nov 2024 14:51:02 GMT Last-Modified Thu, 10 Oct 2024 04:15:53 GMT Vary Accept-Encoding Server Apache/2.4.58 (Ubuntu) Content-Type text/javascript
GET H/1.1	200 OK	jquery.mask.min.js Show response consultasitau.xyz/js/	5 KB 2 KB	307ms 102ms	Script text/javascript	23.184.48.25 INCOGNET IncogNET...
General Check archive.org Show headers Download Go to Full URL https://consultasitau.xyz/js/jquery.mask.min.js Requested by Host: consultasitau.xyz URL: https://consultasitau.xyz/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.184.48.25 Liberty Lake, United States, ASN210630 (INCOGNET IncogNET LLC, US), Reverse DNS Software Apache/2.4.58 (Ubuntu) / Resource Hash `f830833b6661d5fb63e23d3d245e91edc7c52aa547ca19eca7c91c7570483975` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://consultasitau.xyz/ Response headers Content-Encoding gzip ETag "12fc-62417a074c9b2-gzip" Connection Keep-Alive Accept-Ranges bytes Content-Length 2158 Keep-Alive timeout=5, max=100 Date Tue, 19 Nov 2024 14:51:03 GMT Last-Modified Thu, 10 Oct 2024 04:15:55 GMT Vary Accept-Encoding Server Apache/2.4.58 (Ubuntu) Content-Type text/javascript
GET H/1.1	200 OK	home_scripts.js Show response consultasitau.xyz/js/	964 B 675 B	307ms 102ms	Script text/javascript	23.184.48.25 INCOGNET IncogNET...
General Check archive.org Show headers Download Go to Full URL https://consultasitau.xyz/js/home_scripts.js Requested by Host: consultasitau.xyz URL: https://consultasitau.xyz/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.184.48.25 Liberty Lake, United States, ASN210630 (INCOGNET IncogNET LLC, US), Reverse DNS Software Apache/2.4.58 (Ubuntu) / Resource Hash `16007457cc024cb7a6819dc3f912974ddcbebe2fe4726f592b4d148b6d669133` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://consultasitau.xyz/ Response headers Content-Encoding gzip ETag "3c4-62417a05e8e2d-gzip" Connection Keep-Alive Accept-Ranges bytes Content-Length 332 Keep-Alive timeout=5, max=100 Date Tue, 19 Nov 2024 14:51:03 GMT Last-Modified Thu, 10 Oct 2024 04:15:53 GMT Vary Accept-Encoding Server Apache/2.4.58 (Ubuntu) Content-Type text/javascript
GET H/1.1	200 OK	home_style.css consultasitau.xyz/assets/css/	4 KB 1 KB	297ms 104ms	Stylesheet text/css	23.184.48.25 INCOGNET IncogNET...
General Check archive.org Show headers Download Go to Full URL https://consultasitau.xyz/assets/css/home_style.css Requested by Host: consultasitau.xyz URL: https://consultasitau.xyz/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.184.48.25 Liberty Lake, United States, ASN210630 (INCOGNET IncogNET LLC, US), Reverse DNS Software Apache/2.4.58 (Ubuntu) / Resource Hash `6d139e67f99bf5de0e3a5e8a2b81e9baf38298402654450d94ec3932e9d827f8` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://consultasitau.xyz/ Response headers Content-Encoding gzip ETag "ebb-624179f1cdcfb-gzip" Connection Keep-Alive Accept-Ranges bytes Content-Length 1048 Keep-Alive timeout=5, max=98 Date Tue, 19 Nov 2024 14:51:03 GMT Last-Modified Thu, 10 Oct 2024 04:15:32 GMT Vary Accept-Encoding Server Apache/2.4.58 (Ubuntu) Content-Type text/css
GET H/1.1	200 OK	img_home_logo.png consultasitau.xyz/assets/imagenss/	4 KB 4 KB	309ms 104ms	Image image/png	23.184.48.25 INCOGNET IncogNET...
General Check archive.org Show headers Download Go to Show image Full URL https://consultasitau.xyz/assets/imagenss/img_home_logo.png Requested by Host: consultasitau.xyz URL: https://consultasitau.xyz/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.184.48.25 Liberty Lake, United States, ASN210630 (INCOGNET IncogNET LLC, US), Reverse DNS Software Apache/2.4.58 (Ubuntu) / Resource Hash `7567ac56d5b7f15cc4d6cb7c15524f12039dfec5d7834364f58823545500659e` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://consultasitau.xyz/ Response headers ETag "e31-624179e7f82ef" Connection Keep-Alive Accept-Ranges bytes Content-Length 3633 Keep-Alive timeout=5, max=100 Date Tue, 19 Nov 2024 14:51:03 GMT Last-Modified Thu, 10 Oct 2024 04:15:22 GMT Content-Type image/png Server Apache/2.4.58 (Ubuntu)
GET H/1.1	200 OK	ic_contact_card.png consultasitau.xyz/assets/imagenss/	503 B 788 B	315ms 106ms	Image image/png	23.184.48.25 INCOGNET IncogNET...
General Check archive.org Show headers Download Go to Show image Full URL https://consultasitau.xyz/assets/imagenss/ic_contact_card.png Requested by Host: consultasitau.xyz URL: https://consultasitau.xyz/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.184.48.25 Liberty Lake, United States, ASN210630 (INCOGNET IncogNET LLC, US), Reverse DNS Software Apache/2.4.58 (Ubuntu) / Resource Hash `7128b3163ef3d75f3f7f7e803b65a7bbfbf480c880c7a815c33ea82d549e630d` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://consultasitau.xyz/ Response headers ETag "1f7-624179e7fb1cf" Connection Keep-Alive Accept-Ranges bytes Content-Length 503 Keep-Alive timeout=5, max=100 Date Tue, 19 Nov 2024 14:51:03 GMT Last-Modified Thu, 10 Oct 2024 04:15:22 GMT Content-Type image/png Server Apache/2.4.58 (Ubuntu)
GET H/1.1	200 OK	ic_itokenapp.png consultasitau.xyz/assets/imagenss/	2 KB 2 KB	103ms 103ms	Image image/png	23.184.48.25 INCOGNET IncogNET...
General Check archive.org Show headers Download Go to Show image Full URL https://consultasitau.xyz/assets/imagenss/ic_itokenapp.png Requested by Host: consultasitau.xyz URL: https://consultasitau.xyz/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.184.48.25 Liberty Lake, United States, ASN210630 (INCOGNET IncogNET LLC, US), Reverse DNS Software Apache/2.4.58 (Ubuntu) / Resource Hash `75851533db3fda044c3fe2bdfbb1dfdf808586387493fc5b3395ba8400391046` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://consultasitau.xyz/ Response headers ETag "7ff-624179e95c644" Connection Keep-Alive Accept-Ranges bytes Content-Length 2047 Keep-Alive timeout=5, max=99 Date Tue, 19 Nov 2024 14:51:03 GMT Last-Modified Thu, 10 Oct 2024 04:15:23 GMT Content-Type image/png Server Apache/2.4.58 (Ubuntu)
GET H/1.1	200 OK	ic_ajuda.png consultasitau.xyz/assets/imagenss/	1 KB 2 KB	103ms 103ms	Image image/png	23.184.48.25 INCOGNET IncogNET...
General Check archive.org Show headers Download Go to Show image Full URL https://consultasitau.xyz/assets/imagenss/ic_ajuda.png Requested by Host: consultasitau.xyz URL: https://consultasitau.xyz/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.184.48.25 Liberty Lake, United States, ASN210630 (INCOGNET IncogNET LLC, US), Reverse DNS Software Apache/2.4.58 (Ubuntu) / Resource Hash `915e3aea1eda6df53467eb792f487578c127d19740a1eb669d6dba7d2435edb4` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://consultasitau.xyz/ Response headers ETag "55e-624179eac0999" Connection Keep-Alive Accept-Ranges bytes Content-Length 1374 Keep-Alive timeout=5, max=99 Date Tue, 19 Nov 2024 14:51:03 GMT Last-Modified Thu, 10 Oct 2024 04:15:25 GMT Content-Type image/png Server Apache/2.4.58 (Ubuntu)
GET H/1.1	200 OK	img-itau.png consultasitau.xyz/assets/imagenss/	175 KB 176 KB	104ms 104ms	Image image/png	23.184.48.25 INCOGNET IncogNET...
General Check archive.org Show headers Download Go to Show image Full URL https://consultasitau.xyz/assets/imagenss/img-itau.png Requested by Host: consultasitau.xyz URL: https://consultasitau.xyz/assets/css/home_style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.184.48.25 Liberty Lake, United States, ASN210630 (INCOGNET IncogNET LLC, US), Reverse DNS Software Apache/2.4.58 (Ubuntu) / Resource Hash `d33cfca923e87510e2837231c77985de89f00f0ba8bf8b4e86bf7086f38514c6` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://consultasitau.xyz/assets/css/home_style.css Response headers ETag "2bd3e-624179eb27241" Connection Keep-Alive Accept-Ranges bytes Content-Length 179518 Keep-Alive timeout=5, max=99 Date Tue, 19 Nov 2024 14:51:03 GMT Last-Modified Thu, 10 Oct 2024 04:15:25 GMT Content-Type image/png Server Apache/2.4.58 (Ubuntu)
GET H/1.1	200 OK	ic_cadeado.png consultasitau.xyz/assets/imagenss/	783 B 1 KB	103ms 103ms	Image image/png	23.184.48.25 INCOGNET IncogNET...
General Check archive.org Show headers Download Go to Show image Full URL https://consultasitau.xyz/assets/imagenss/ic_cadeado.png Requested by Host: consultasitau.xyz URL: https://consultasitau.xyz/assets/css/home_style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.184.48.25 Liberty Lake, United States, ASN210630 (INCOGNET IncogNET LLC, US), Reverse DNS Software Apache/2.4.58 (Ubuntu) / Resource Hash `3b28fd611f0f51576757693edb78d14b162007c819945963b8ea339a456f5404` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://consultasitau.xyz/assets/css/home_style.css Response headers ETag "30f-624179e96201c" Connection Keep-Alive Accept-Ranges bytes Content-Length 783 Keep-Alive timeout=5, max=97 Date Tue, 19 Nov 2024 14:51:03 GMT Last-Modified Thu, 10 Oct 2024 04:15:23 GMT Content-Type image/png Server Apache/2.4.58 (Ubuntu)
GET H/1.1	200 OK	ico_favicon.png consultasitau.xyz/assets/imagenss/	6 KB 6 KB	104ms 104ms	Other image/png	23.184.48.25 INCOGNET IncogNET...
General Check archive.org Show headers Download Go to Full URL https://consultasitau.xyz/assets/imagenss/ico_favicon.png Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.184.48.25 Liberty Lake, United States, ASN210630 (INCOGNET IncogNET LLC, US), Reverse DNS Software Apache/2.4.58 (Ubuntu) / Resource Hash `e412359db0da7a6e4a55a4147d94570ad3407b7e81873ee2c5b04135a4097299` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://consultasitau.xyz/ Response headers ETag "17aa-624179ec23196" Connection Keep-Alive Accept-Ranges bytes Content-Length 6058 Keep-Alive timeout=5, max=98 Date Tue, 19 Nov 2024 14:51:03 GMT Last-Modified Thu, 10 Oct 2024 04:15:26 GMT Content-Type image/png Server Apache/2.4.58 (Ubuntu)

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Itau (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| passballs function| validatebt

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
deprecation	error	URL: https://consultasitau.xyz/js/jquery-3.2.1.min.js(Line 2) Message: Listener added for a 'DOMNodeInserted' mutation event. Support for this event type has been removed, and this event will no longer be fired. See https://chromestatus.com/feature/5083947249172480 for more information.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

consultasitau.xyz
23.184.48.25
16007457cc024cb7a6819dc3f912974ddcbebe2fe4726f592b4d148b6d669133
324ff091d0784d0d7f9a134ac78c058ae5d6577c76fe7d06711ebccb0ab95ecc
3b28fd611f0f51576757693edb78d14b162007c819945963b8ea339a456f5404
6d139e67f99bf5de0e3a5e8a2b81e9baf38298402654450d94ec3932e9d827f8
7128b3163ef3d75f3f7f7e803b65a7bbfbf480c880c7a815c33ea82d549e630d
7567ac56d5b7f15cc4d6cb7c15524f12039dfec5d7834364f58823545500659e
75851533db3fda044c3fe2bdfbb1dfdf808586387493fc5b3395ba8400391046
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
915e3aea1eda6df53467eb792f487578c127d19740a1eb669d6dba7d2435edb4
d33cfca923e87510e2837231c77985de89f00f0ba8bf8b4e86bf7086f38514c6
e412359db0da7a6e4a55a4147d94570ad3407b7e81873ee2c5b04135a4097299
f830833b6661d5fb63e23d3d245e91edc7c52aa547ca19eca7c91c7570483975

consultasitau.xyz Open in urlscan Pro 23.184.48.25 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

227 kBTransfer

285 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

consultasitau.xyz Open in urlscan Pro
23.184.48.25 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

227 kB
Transfer

285 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!