consultesuafatura.com Open in urlscan Pro
162.213.251.236  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request mobile Show response consultesuafatura.com/	4 KB 2 KB	1302ms 991ms	Document text/html	162.213.251.236 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://consultesuafatura.com/mobile Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.236 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS business91-3.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash 73dd953e4799c0052b2a5a86bcb0875c9be52e5d019e90a2be80fdc4f1b346a2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :method GET :authority consultesuafatura.com :scheme https :path /mobile pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 03 Apr 2021 01:52:58 GMT server Apache x-powered-by Express, Phusion Passenger etag W/"1033-ZK+zopkTtfme1UpMEFXIUBfT0D8-gzip" status 200 OK vary Accept-Encoding content-encoding gzip content-length 1170 content-type text/html; charset=utf-8 x-frame-options SAMEORIGIN x-xss-protection 1; mode=block x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload; referrer-policy no-referrer-when-downgrade
GET H2	200	bootstrap.min.css bootswatch.com/4/materia/	190 KB 25 KB	243ms 219ms	Stylesheet text/css	2606:4700:3037::ac43:b8ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bootswatch.com/4/materia/bootstrap.min.css Requested by Host: consultesuafatura.com URL: https://consultesuafatura.com/mobile Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:b8ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8a93ec45ac569400f853b00aaad80a3d23e7f2f16968410497e212a65e040949 Request headers Referer https://consultesuafatura.com/mobile User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 03 Apr 2021 01:52:59 GMT content-encoding br cf-cache-status REVALIDATED nel {"max_age":604800,"report_to":"cf-nel"} alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 0937080b7300004d84fb029000000001 last-modified Mon, 22 Feb 2021 20:26:06 GMT server cloudflare x-github-request-id 6C6C:69A8:9BD3DB:C17A22:60342170 etag W/"6034135e-2f7a9" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qOl51zB52GQF0abACcKVtuPEflAJTc1QwWjIeWaRJT3HnrDFGsT2FSQOa2Ixe4Ncwg7q4%2Fcl7I1ECXRHSgK1quDPRrqxMvjJGsj7xGYhkKBvhy81vB9PdlA4YQ%3D%3D"}],"max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control max-age=14400 x-proxy-cache MISS cf-ray 639ea9258e874d84-FRA x-origin-cache HIT expires Sat, 03 Apr 2021 02:02:02 GMT
GET H2	200	axios.min.js Show response cdn.jsdelivr.net/npm/axios/dist/	14 KB 5 KB	22ms 6ms	Script application/javascript	2a04:4e42:3::621 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js Requested by Host: consultesuafatura.com URL: https://consultesuafatura.com/mobile Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:3::621 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 24b9a49d375465e659dbaecb3fda81fbf0d3eedbf138e29cb5229e502d8a4fa1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://consultesuafatura.com/mobile User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 6685 x-cache HIT cross-origin-resource-policy cross-origin content-length 4949 etag W/"3813-8k0LzDYCe85FyGrPuleySO22o/k" x-served-by cache-fra19124-FRA date Sat, 03 Apr 2021 01:52:59 GMT vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 accept-ranges bytes timing-allow-origin *
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 30 KB	32ms 14ms	Script application/javascript	2001:4de0:ac18::1:a:3b HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: consultesuafatura.com URL: https://consultesuafatura.com/mobile Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Request headers Referer https://consultesuafatura.com/mobile User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 03 Apr 2021 01:52:59 GMT content-encoding gzip last-modified Tue, 02 Mar 2021 17:27:20 GMT server nginx etag W/"603e7578-15d9d" vary Accept-Encoding x-hw 1617414779.dop242.fr8.t,1617414779.cds225.fr8.hn,1617414779.cds144.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30875
GET H2	200	jquery.mask.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/	8 KB 3 KB	21ms 20ms	Script application/javascript	2606:4700::6810:135e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js Requested by Host: consultesuafatura.com URL: https://consultesuafatura.com/mobile Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://consultesuafatura.com/mobile User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 03 Apr 2021 01:52:59 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"max_age":604800,"report_to":"cf-nel"} age 1715984 cross-origin-resource-policy cross-origin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3074 cf-request-id 0937080b5c000097ccc58f8000000001 timing-allow-origin * last-modified Mon, 04 May 2020 16:11:47 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec3-2087" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dthk3ojc0uGKqyYlM1LtXiwjz%2BBaA7974Hlo5RpRMwjcXoPYtrK2H4LlS9zVoRN%2FAlmsV8UsaxxB05WzV6U8i%2BbsDFnV7IqLmsmpdBXN5Rt7cIbHiYPL5pkHQjDqgIUEqg%3D%3D"}]} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 639ea9255b6597cc-FRA expires Thu, 24 Mar 2022 01:52:59 GMT
GET H2	200	style.css consultesuafatura.com/mobile/css/	1 KB 924 B	168ms 168ms	Stylesheet text/css	162.213.251.236 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://consultesuafatura.com/mobile/css/style.css Requested by Host: consultesuafatura.com URL: https://consultesuafatura.com/mobile Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.236 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS business91-3.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash c7eee52b24309f97fb7781ec03bf82a4e0e36a28525c55959ac0fcbd1bf79dde Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://consultesuafatura.com/mobile User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 03 Apr 2021 01:52:59 GMT content-encoding gzip x-content-type-options nosniff x-powered-by Express, Phusion Passenger status 200 OK strict-transport-security max-age=31536000; includeSubDomains; preload; content-length 482 x-xss-protection 1; mode=block referrer-policy no-referrer-when-downgrade last-modified Thu, 25 Mar 2021 19:12:06 GMT server Apache x-frame-options SAMEORIGIN etag W/"573-1786acd0b70-gzip" vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=0 accept-ranges bytes
GET H2	200	hipercard.png www.hipercard.com.br/content/dam/hipercard/logo/	3 KB 3 KB	201ms 66ms	Image image/webp	104.109.77.88 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.hipercard.com.br/content/dam/hipercard/logo/hipercard.png Requested by Host: consultesuafatura.com URL: https://consultesuafatura.com/mobile Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.109.77.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-109-77-88.deploy.static.akamaitechnologies.com Software Akamai Image Manager / Resource Hash f1d3179a6d6de19a3c9b4abf3eff2a30ab80717d32be1f4c1bf5949b94a3ef8d Request headers Referer https://consultesuafatura.com/mobile User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 03 Apr 2021 01:53:00 GMT x-check-cacheable YES x-serial 522 etag W/"28a9-5bd8a1ed69098" content-type image/webp cache-control private, no-transform, max-age=43200 last-modified Mon, 15 Mar 2021 02:36:45 GMT server-timing cdn-cache; desc=HIT, edge; dur=6 content-length 2862 server Akamai Image Manager expires Sat, 03 Apr 2021 13:53:00 GMT
GET H2	200	controlers.js Show response consultesuafatura.com/mobile/javascript/	4 KB 2 KB	163ms 163ms	Script application/javascript	162.213.251.236 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://consultesuafatura.com/mobile/javascript/controlers.js Requested by Host: consultesuafatura.com URL: https://consultesuafatura.com/mobile Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.236 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS business91-3.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash ff773b06a0cc1b68845b08287ba9c559243c90e171f8507e55a68194a7b73665 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://consultesuafatura.com/mobile User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 03 Apr 2021 01:52:59 GMT content-encoding gzip x-content-type-options nosniff x-powered-by Express, Phusion Passenger status 200 OK strict-transport-security max-age=31536000; includeSubDomains; preload; content-length 1311 x-xss-protection 1; mode=block referrer-policy no-referrer-when-downgrade last-modified Wed, 31 Mar 2021 17:03:28 GMT server Apache x-frame-options SAMEORIGIN etag W/"ff0-178893d6f00-gzip" vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=0 accept-ranges bytes
GET H3-Q050	200	css2 fonts.googleapis.com/	8 KB 1 KB	42ms 28ms	Stylesheet text/css	2a00:1450:4001:827::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap Requested by Host: bootswatch.com URL: https://bootswatch.com/4/materia/bootstrap.min.css Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 98c97cee2e97ed78fff3ba4cc0377f4272e7dec8c2e1496d9f857bffce798a90 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://bootswatch.com/4/materia/bootstrap.min.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Sat, 03 Apr 2021 01:23:03 GMT server ESF date Sat, 03 Apr 2021 01:53:00 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sat, 03 Apr 2021 01:53:00 GMT
GET H2	200	img_home_bg.png consultesuafatura.com/mobile/images/	215 KB 216 KB	163ms 163ms	Image image/png	162.213.251.236 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://consultesuafatura.com/mobile/images/img_home_bg.png Requested by Host: consultesuafatura.com URL: https://consultesuafatura.com/mobile/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.236 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS business91-3.web-hosting.com Software Apache / Express, Phusion Passenger Resource Hash 1dff57f5c28bc976957e6b8a699acd7c212a5607a1ead199664b4aba479d22b6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://consultesuafatura.com/mobile/css/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 03 Apr 2021 01:53:00 GMT referrer-policy no-referrer-when-downgrade last-modified Mon, 22 Mar 2021 17:01:44 GMT server Apache x-powered-by Express, Phusion Passenger x-frame-options SAMEORIGIN content-type image/png status 200 OK x-xss-protection 1; mode=block cache-control public, max-age=0 etag W/"35db1-1785ae29cc0" strict-transport-security max-age=31536000; includeSubDomains; preload; accept-ranges bytes content-length 220593 x-content-type-options nosniff
GET H3-Q050	200	KFOlCnqEu92Fr1MmEU9fBBc4.woff2 fonts.gstatic.com/s/roboto/v20/	16 KB 16 KB	56ms 42ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://consultesuafatura.com Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 02 Apr 2021 10:03:37 GMT x-content-type-options nosniff last-modified Wed, 24 Jul 2019 01:18:37 GMT server sffe age 56963 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15872 x-xss-protection 0 expires Sat, 02 Apr 2022 10:03:37 GMT
GET H3-Q050	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v20/	15 KB 16 KB	53ms 39ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://consultesuafatura.com Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 02 Apr 2021 10:03:37 GMT x-content-type-options nosniff last-modified Wed, 24 Jul 2019 01:18:36 GMT server sffe age 56963 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15736 x-xss-protection 0 expires Sat, 02 Apr 2022 10:03:37 GMT
GET H3-Q050	200	KFOlCnqEu92Fr1MmWUlfBBc4.woff2 fonts.gstatic.com/s/roboto/v20/	15 KB 16 KB	54ms 40ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://consultesuafatura.com Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 30 Mar 2021 15:37:32 GMT x-content-type-options nosniff last-modified Wed, 24 Jul 2019 01:19:00 GMT server sffe age 296128 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15816 x-xss-protection 0 expires Wed, 30 Mar 2022 15:37:32 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Itau (Banking)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| axios function| $ function| jQuery object| $jscomp function| SalvarDados function| next function| BloquearAcesso function| RedirecionarBloqueio function| finall function| nextUltimosDados function| getNome

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://code.jquery.com/jquery-3.6.0.min.js(Line 2) Message: jQuery.Deferred exception: Cannot read property 'blocked' of null TypeError: Cannot read property 'blocked' of null at RedirecionarBloqueio (https://consultesuafatura.com/mobile/javascript/controlers.js:48:22) at HTMLDocument.<anonymous> (https://consultesuafatura.com/mobile/javascript/controlers.js:110:5) at e (https://code.jquery.com/jquery-3.6.0.min.js:2:30038) at t (https://code.jquery.com/jquery-3.6.0.min.js:2:30340) undefined

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bootswatch.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
consultesuafatura.com
fonts.googleapis.com
fonts.gstatic.com
www.hipercard.com.br
104.109.77.88
162.213.251.236
2001:4de0:ac18::1:a:3b
2606:4700:3037::ac43:b8ce
2606:4700::6810:135e
2a00:1450:4001:827::200a
2a00:1450:4001:829::2003
2a04:4e42:3::621
1dff57f5c28bc976957e6b8a699acd7c212a5607a1ead199664b4aba479d22b6
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf
24b9a49d375465e659dbaecb3fda81fbf0d3eedbf138e29cb5229e502d8a4fa1
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
73dd953e4799c0052b2a5a86bcb0875c9be52e5d019e90a2be80fdc4f1b346a2
8a93ec45ac569400f853b00aaad80a3d23e7f2f16968410497e212a65e040949
98c97cee2e97ed78fff3ba4cc0377f4272e7dec8c2e1496d9f857bffce798a90
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae
c7eee52b24309f97fb7781ec03bf82a4e0e36a28525c55959ac0fcbd1bf79dde
f1d3179a6d6de19a3c9b4abf3eff2a30ab80717d32be1f4c1bf5949b94a3ef8d
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff773b06a0cc1b68845b08287ba9c559243c90e171f8507e55a68194a7b73665