digitalitaubafa.xyz
185.213.81.108 | Malicious Activity! | Public Scan

Submitted URL: http://digitalitaubafa.xyz/
Effective URL: https://digitalitaubafa.xyz/
Submission: On March 30 via api from JP — Scanned from JP

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 9 HTTP transactions. The main IP is 185.213.81.108, which is located in Germany and belongs to AS-HOSTINGER, CY. The main domain is digitalitaubafa.xyz.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on March 28th 2022. Valid for: 3 months.
This is the only time digitalitaubafa.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Magazine Luiza (Consumer)

Domain & IP information

IP Address | AS Autonomous System
1 6 185.213.81.108 | 47583 (AS-HOSTINGER)
1 2404:6800:400... | 15169 (GOOGLE)
1 23.45.60.145 | 20940 (AKAMAI-ASN1)
2 2404:6800:400... | 15169 (GOOGLE)
Total: 9 requests, 4 IPs

Apex Domain | Subdomains | Transfer
6 digitalitaubafa.xyz | digitalitaubafa.xyz | 36 KB
2 gstatic.com | fonts.gstatic.com | 39 KB
1 itau.com.br | www.itau.com.br (Cisco Umbrella Rank: 16375) | 6 KB
1 googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 107) | 1 KB
Total: 9 requests, 4 domains

Domain | Requested by
6 digitalitaubafa.xyz (1 redirect) | digitalitaubafa.xyz
2 fonts.gstatic.com | fonts.googleapis.com
1 www.itau.com.br | digitalitaubafa.xyz
1 fonts.googleapis.com | digitalitaubafa.xyz
Total: 9 requests, 4 domains

This site contains no links.

Subject | Issuer | Validity | Valid
digitalitaubafa.xyz | ZeroSSL RSA Domain Secure Site CA | 2022-03-28 - 2022-06-26 | 3 months (crt.sh)
upload.video.google.com | GTS CA 1C3 | 2022-03-17 - 2022-06-09 | 3 months (crt.sh)
www.itau.com.br | DigiCert SHA2 Extended Validation Server CA | 2020-03-12 - 2022-06-11 | 2 years (crt.sh)
*.gstatic.com | GTS CA 1C3 | 2022-03-17 - 2022-06-09 | 3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://digitalitaubafa.xyz/
Frame ID: 5908AF13EA623955E9B4B1A7986A3D9D
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

Magalu

Detected technologies

Bootstrap
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Font API
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

Requests: 9
HTTPS: 100 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 3
Transfer: 82 kB
Size: 257 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://digitalitaubafa.xyz/ HTTP 301
    https://digitalitaubafa.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: /
Path: digitalitaubafa.xyz/
Redirect Chain:
  • http://digitalitaubafa.xyz/
  • https://digitalitaubafa.xyz/
Size: 4 KB | x-fer: 2 KB | Type: Document

General
Full URL: https://digitalitaubafa.xyz/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 185.213.81.108, Germany, ASN47583 (AS-HOSTINGER, CY)
Reverse DNS: -
Software: LiteSpeed / PHP/7.4.27
Resource Hash: 2ae38ebc56becf5c03e6c0401dee97267981f29e50547777d88a55198231cfa3
Security Headers
Name | Value
Content-Security-Policy | upgrade-insecure-requests

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: jp-JP,jp;q=0.9

Response headers
x-powered-by: PHP/7.4.27
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 1687
content-encoding: br
vary: Accept-Encoding
date: Wed, 30 Mar 2022 00:02:09 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Redirect headers
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Wed, 30 Mar 2022 00:02:08 GMT
server: LiteSpeed
location: https://digitalitaubafa.xyz/
content-security-policy: upgrade-insecure-requests
Resource: css2
Path: fonts.googleapis.com/
Size: 8 KB | x-fer: 1 KB | Type: Stylesheet

General
Full URL: https://fonts.googleapis.com/css2?family=Anton&family=Lato:wght@300;400&family=Oswald:wght@300&family=Roboto:ital,wght@0,300;1,100&display=swap
Requested by: Host: digitalitaubafa.xyz, URL: https://digitalitaubafa.xyz/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2404:6800:4004:820::200a, Australia, ASN15169 (GOOGLE, US)
Reverse DNS: -
Software: ESF
Resource Hash: 360b688ac7b84ac32db02e25efc160c0ccf3b3765c09f1e8535f9f35ffcd361c
Security Headers
Name | Value
Strict-Transport-Security | max-age=31536000
X-Content-Type-Options | nosniff
X-Frame-Options | SAMEORIGIN
X-Xss-Protection | 0

Request headers
Accept-Language: jp-JP,jp;q=0.9
Referer: https://digitalitaubafa.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers
strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 00:02:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 30 Mar 2022 00:02:10 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Mar 2022 00:02:10 GMT
Resource: magalu-logo.png
Path: www.itau.com.br/content/dam/itau/cartoes/magalu/
Size: 5 KB | x-fer: 6 KB | Type: Image

General
Full URL: https://www.itau.com.br/content/dam/itau/cartoes/magalu/magalu-logo.png
Requested by: Host: digitalitaubafa.xyz, URL: https://digitalitaubafa.xyz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.60.145, Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: a23-45-60-145.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager
Resource Hash: 91059ccdd65c1496d764f84ece42376760652ea7c734fe0c0dd0b086c91ce6ef

Request headers
Accept-Language: jp-JP,jp;q=0.9
Referer: https://digitalitaubafa.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers
date: Wed, 30 Mar 2022 00:02:10 GMT
x-check-cacheable: YES
server: Akamai Image Manager
etag: "3be9-5c23d8df52480"
x-serial: 215
access-control-allow-methods: GET, POST, GET, POST
content-type: image/webp
access-control-allow-origin: internet.itau.com.br, internet.itau.com.br
cache-control: private, no-transform, max-age=838955
last-modified: Wed, 27 Oct 2021 16:10:17 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 5316
expires: Fri, 08 Apr 2022 17:04:45 GMT
Resource: bootstrap.js
Path: digitalitaubafa.xyz/js/
Size: 101 KB | x-fer: 15 KB | Type: Script

General
Full URL: https://digitalitaubafa.xyz/js/bootstrap.js
Requested by: Host: digitalitaubafa.xyz, URL: https://digitalitaubafa.xyz/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 185.213.81.108, Germany, ASN47583 (AS-HOSTINGER, CY)
Reverse DNS: -
Software: LiteSpeed
Resource Hash: 60ce45567bcc08ff5ff0d9b123c90f18ae864873fb7abc103d22a29843b80072
Security Headers
Name | Value
Content-Security-Policy | upgrade-insecure-requests

Request headers
Accept-Language: jp-JP,jp;q=0.9
Referer: https://digitalitaubafa.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers
date: Wed, 30 Mar 2022 00:02:10 GMT
content-encoding: br
last-modified: Mon, 28 Mar 2022 19:04:40 GMT
server: LiteSpeed
etag: "19378-624206c8-bae334d53523d20f;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
content-length: 15604
expires: Wed, 06 Apr 2022 00:02:10 GMT
Resource: padrao_mk.js
Path: digitalitaubafa.xyz/js/
Size: 2 KB | x-fer: 801 B | Type: Script

General
Full URL: https://digitalitaubafa.xyz/js/padrao_mk.js
Requested by: Host: digitalitaubafa.xyz, URL: https://digitalitaubafa.xyz/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 185.213.81.108, Germany, ASN47583 (AS-HOSTINGER, CY)
Reverse DNS: -
Software: LiteSpeed
Resource Hash: 1441dd1b788acd480830a9ed0611e7169cdc4d571c8e30c167bc04bcb3cd7b15
Security Headers
Name | Value
Content-Security-Policy | upgrade-insecure-requests

Request headers
Accept-Language: jp-JP,jp;q=0.9
Referer: https://digitalitaubafa.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers
date: Wed, 30 Mar 2022 00:02:10 GMT
content-encoding: br
last-modified: Mon, 28 Mar 2022 19:04:52 GMT
server: LiteSpeed
etag: "796-624206d4-c2b7c2380cde6b53;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
content-length: 716
expires: Wed, 06 Apr 2022 00:02:10 GMT
Resource: cpf.js
Path: digitalitaubafa.xyz/js/
Size: 2 KB | x-fer: 724 B | Type: Script

General
Full URL: https://digitalitaubafa.xyz/js/cpf.js
Requested by: Host: digitalitaubafa.xyz, URL: https://digitalitaubafa.xyz/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 185.213.81.108, Germany, ASN47583 (AS-HOSTINGER, CY)
Reverse DNS: -
Software: LiteSpeed
Resource Hash: 06f9ec4f0b7533cd3d5d4c717185eeca1792fa5c432e920b31ee8eb97473fe38
Security Headers
Name | Value
Content-Security-Policy | upgrade-insecure-requests

Request headers
Accept-Language: jp-JP,jp;q=0.9
Referer: https://digitalitaubafa.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers
date: Wed, 30 Mar 2022 00:02:10 GMT
content-encoding: br
last-modified: Mon, 28 Mar 2022 19:04:44 GMT
server: LiteSpeed
etag: "8ba-624206cc-441e1fdc4ced5b4c;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
content-length: 639
expires: Wed, 06 Apr 2022 00:02:10 GMT
Resource: card.js
Path: digitalitaubafa.xyz/js/
Size: 96 KB | x-fer: 17 KB | Type: Script

General
Full URL: https://digitalitaubafa.xyz/js/card.js
Requested by: Host: digitalitaubafa.xyz, URL: https://digitalitaubafa.xyz/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 185.213.81.108, Germany, ASN47583 (AS-HOSTINGER, CY)
Reverse DNS: -
Software: LiteSpeed
Resource Hash: a5d6431c04a171ad0d1e0123c35fbe3350d5aad0a1fe0dd49daf0a45b2256faa
Security Headers
Name | Value
Content-Security-Policy | upgrade-insecure-requests

Request headers
Accept-Language: jp-JP,jp;q=0.9
Referer: https://digitalitaubafa.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers
date: Wed, 30 Mar 2022 00:02:10 GMT
content-encoding: br
last-modified: Mon, 28 Mar 2022 19:04:43 GMT
server: LiteSpeed
etag: "180e4-624206cb-f50362b45c6d71da;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
content-length: 17421
expires: Wed, 06 Apr 2022 00:02:10 GMT
Resource: KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Path: fonts.gstatic.com/s/roboto/v29/
Size: 15 KB | x-fer: 16 KB | Type: Font

General
Full URL: https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by: Host: fonts.googleapis.com, URL: https://fonts.googleapis.com/css2?family=Anton&family=Lato:wght@300;400&family=Oswald:wght@300&family=Roboto:ital,wght@0,300;1,100&display=swap
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2404:6800:4004:821::2003, Australia, ASN15169 (GOOGLE, US)
Reverse DNS: -
Software: sffe
Resource Hash: 33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name | Value
X-Content-Type-Options | nosniff
X-Xss-Protection | 0

Request headers
Referer: https://fonts.googleapis.com/
Origin: https://digitalitaubafa.xyz
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers
date: Fri, 25 Mar 2022 00:13:12 GMT
x-content-type-options: nosniff
age: 431338
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 25 Mar 2023 00:13:12 GMT
Resource: S6uyw4BMUTPHjx4wXg.woff2
Path: fonts.gstatic.com/s/lato/v22/
Size: 23 KB | x-fer: 23 KB | Type: Font

General
Full URL: https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXg.woff2
Requested by: Host: fonts.googleapis.com, URL: https://fonts.googleapis.com/css2?family=Anton&family=Lato:wght@300;400&family=Oswald:wght@300&family=Roboto:ital,wght@0,300;1,100&display=swap
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2404:6800:4004:821::2003, Australia, ASN15169 (GOOGLE, US)
Reverse DNS: -
Software: sffe
Resource Hash: 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name | Value
X-Content-Type-Options | nosniff
X-Xss-Protection | 0

Request headers
Referer: https://fonts.googleapis.com/
Origin: https://digitalitaubafa.xyz
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers
date: Wed, 23 Mar 2022 19:33:14 GMT
x-content-type-options: nosniff
age: 534536
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:14:03 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Mar 2023 19:33:14 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Magazine Luiza (Consumer)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function: structuredClone
  • object: oncontextlost
  • object: oncontextrestored
  • function: mascaraMike
  • function: pulacampo
  • function: SomenteNumero
  • function: checkCPF
  • function: ucfirst
  • function: card
  • function: Payment
  • function: Card

1 Cookies

Domain/Path | Name | Value
digitalitaubafa.xyz/ | PHPSESSID | 9dc6baa70b7bf4d48db3d486c5fb713d

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header | Value
Content-Security-Policy | upgrade-insecure-requests