go2touch.ca
Open in
urlscan Pro
192.124.249.70
Malicious Activity!
Public Scan
URL:
https://go2touch.ca/vendor/psy/psysh/2021/promocao.php
Submission: On September 10 via automatic, source openphish — Scanned from DE
Submission: On September 10 via automatic, source openphish — Scanned from DE
Summary
This website contacted 1 IPs
in 1 countries
across 1 domains to perform 8 HTTP transactions.
The main IP is 192.124.249.70, located in
Menifee, United States and
belongs to SUCURI-SEC, US.
The main domain is go2touch.ca.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 30th 2021. Valid for: a year.
This is the only time go2touch.ca was scanned on urlscan.io!
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 30th 2021. Valid for: a year.
This is the only time go2touch.ca was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Itau (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 8 | 192.124.249.70 192.124.249.70 | 30148 (SUCURI-SEC) (SUCURI-SEC) | |
| 8 | 1 |
8
192.124.249.70
(Menifee, United States)
ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10070.sucuri.net
ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10070.sucuri.net
| go2touch.ca |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 8 |
go2touch.ca
go2touch.ca |
124 KB |
| 8 | 1 |
| Domain | Requested by | |
|---|---|---|
| 8 | go2touch.ca |
go2touch.ca
|
| 8 | 1 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.sucuri.net Go Daddy Secure Certificate Authority - G2 |
2021-08-30 - 2022-10-01 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://go2touch.ca/vendor/psy/psysh/2021/promocao.php
Frame ID: C46D48805682F7BBD8F02D7948822AF3
Requests: 8 HTTP requests in this frame
Screenshot
Page Title
Itau Card | Promoção DescontãoDetected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
promocao.php
go2touch.ca/vendor/psy/psysh/2021/ |
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-3.js
go2touch.ca/vendor/psy/psysh/2021/promocao_arquivos/ |
85 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.js
go2touch.ca/vendor/psy/psysh/2021/promocao_arquivos/ |
5 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cad_promo_scripts.js
go2touch.ca/vendor/psy/psysh/2021/promocao_arquivos/ |
4 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cad_promo_style.css
go2touch.ca/vendor/psy/psysh/2021/promocao_arquivos/ |
4 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
img_logo.png
go2touch.ca/vendor/psy/psysh/2021/promocao_arquivos/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
img_card_cvv.png
go2touch.ca/vendor/psy/psysh/2021/promocao_arquivos/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ic_help_cvv.html
go2touch.ca/vendor/psy/psysh/2021/imagenss/ |
9 KB 9 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Itau (Banking)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery function| validatefrmcad function| conterror function| validateckfrm0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | upgrade-insecure-requests; |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
go2touch.ca
192.124.249.70
47dcffe92172b4e92928fe5660d916143f21c85e59fe22e8fd81bc2490d60cba
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
a8f1348836f7de077732c927fcfc7eaf2fcb82202b4323fba31aaa3b9881ae42
b0a024c37059b49943a42ede1abaa432aa6284eed892f973d317e044637f6114
ce63f786a482c5eaa4bb2c7eb8e2d3ba73faff151ac0c000181affc197b8332c
dc4278363fd3946c65ab1a342ed6ff956b47bb8b8520044455257c39129e92aa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f830833b6661d5fb63e23d3d245e91edc7c52aa547ca19eca7c91c7570483975