acessehoje.xyz Open in urlscan Pro
172.67.179.108 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://acessehoje.xyz/
Effective URL:
https://acessehoje.xyz/itau/inicio/
Submission: On February 27 via api (February 27th 2023, 4:03:15 pm UTC) from JP — Scanned from JP

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 17 HTTP transactions. The main IP is 172.67.179.108, located in United States and belongs to CLOUDFLARENET, US. The main domain is acessehoje.xyz.
TLS certificate: Issued by GTS CA 1P5 on February 19th 2023. Valid for: 3 months.

This is the only time acessehoje.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Itau (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 18	172.67.179.108 172.67.179.108	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	104.21.80.114 104.21.80.114	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.76.138 142.250.76.138	15169 (GOOGLE) (GOOGLE)
17	2

18 172.67.179.108 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

acessehoje.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.80.114 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

acessehoje.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.76.138 (United States)

ASN15169 (GOOGLE, US)
PTR: kix07s06-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	acessehoje.xyz 3 redirects acessehoje.xyz	105 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36	776 B
17	2

	Domain	Requested by
19	acessehoje.xyz	3 redirects acessehoje.xyz
1	fonts.googleapis.com	acessehoje.xyz
17	2

This site contains no links.

Subject Issuer	Validity	Valid
*.acessehoje.xyz GTS CA 1P5	`2023-02-19` - `2023-05-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://acessehoje.xyz/itau/inicio/
Frame ID: CA5FB66D5511E1B30D477CF65BEAC92B
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Consultar Digital | Itaucard

Page URL History Show full URLs

https://acessehoje.xyz/ HTTP 302
https://acessehoje.xyz/itau/inicio HTTP 301
http://acessehoje.xyz/itau/inicio/ HTTP 301
https://acessehoje.xyz/itau/inicio/ Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

105 kB
Transfer

190 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://acessehoje.xyz/ HTTP 302
https://acessehoje.xyz/itau/inicio HTTP 301
http://acessehoje.xyz/itau/inicio/ HTTP 301
https://acessehoje.xyz/itau/inicio/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
acessehoje.xyz/itau/inicio/
Redirect Chain

https://acessehoje.xyz/
https://acessehoje.xyz/itau/inicio
http://acessehoje.xyz/itau/inicio/
https://acessehoje.xyz/itau/inicio/

19 KB
3 KB

321ms
321ms

Document
text/html

172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/itau/inicio/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b30b0f02ac850e31cef95d04fb584235685194179dde873f1d9b816f8ac3749

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7a0226189b5980c3-NRT
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 27 Feb 2023 16:03:08 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2FhP9t73OeAJZR6SQeiIbzDCgZt03CZ4uubHm5NQSH0yExRq7dxvA%2BMBaoM2P%2FVakSuwNo2LWbBaHpImnPtug1O0MqbpIm7ixfVpgvaxvE%2BUiPnyTkkf6%2FAZIQKAJZppkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

CF-RAY: 7a022616398ce019-NRT
Cache-Control: max-age=3600
Connection: keep-alive
Date: Mon, 27 Feb 2023 16:03:07 GMT
Expires: Mon, 27 Feb 2023 17:03:07 GMT
Location: https://acessehoje.xyz/itau/inicio/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Yig%2BVN9b4TyDQcCv4HjzwRA6BzG%2Fc5EK5ANdEIJ6gR2GyZcl63F%2FUFgKUQtl8GBkU%2F1%2F9Mz8fP3rK5VmZnzsgxmjRCILKKQ%2Fgx%2FT5EiZ6VuAdcQpMziiAzSoIHYpCCP9A%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.js Show response
acessehoje.xyz/itau/js/ 87 KB
32 KB 1010ms
1004ms Script
application/javascript 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/itau/js/jquery.js
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/inicio/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://acessehoje.xyz/itau/inicio/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:03:09 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 16 Feb 2023 20:26:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63ee917a-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ie%2FcF0Iq7SKWbLj1qlnJTMlI7eUT8nj6wEgFdv%2BYs%2BpWQc4ZCNs7NTKiZplRW0wRWLdgJlM1B8o%2F4JuqmrN2kJFI%2FS9k68Bb%2FSe2fQQoKcJvTqDkL95V1ay2waMVAM2CQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7a02261aad7680c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 js.js Show response
acessehoje.xyz/itau/js/ 829 B
732 B 541ms
536ms Script
application/javascript 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/itau/js/js.js?s1dafsfad
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/inicio/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04359500a657f5ad17f401c78a1dac274dc75d7b6b5f40690784a5c8da761977

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://acessehoje.xyz/itau/inicio/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:03:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 16 Feb 2023 20:26:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63ee917a-33d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yffi5c6W7vicHoviaMG0kRE3Aa6SyL1HMxvYvVorFw4%2BdONPK%2By%2FRelgfslxq21QxF8aIzCatWcNIbzhygJOiC%2Fjk6fqUZ0RZoTnbfDp7jo5AjfvOWaVcaqvLb0rqt191w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7a02261aad7880c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 inicio.js Show response
acessehoje.xyz/itau/js/ 19 KB
3 KB 835ms
830ms Script
application/javascript 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/itau/js/inicio.js
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/inicio/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a959371cda8870f3f647dda43133a6f18e494e605ca6c13a36a0f3777ca6fa17

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://acessehoje.xyz/itau/inicio/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:03:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 16 Feb 2023 20:26:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63ee917a-4b19"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yiBnSmLGHwbHSzLkuPKOgyA2mIsYjsKK1rlmsqfZ9JYte%2F%2BQjgp0brmciHF1FHz83wpFfaoL4oVRvwfeMhNizooEPMlf5jTDeSljetew5R7%2FFoZy0OnJxUYzkWTm2w2lMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7a02261aad7a80c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 icon
fonts.googleapis.com/ 569 B
776 B 1176ms
336ms Stylesheet
text/css 142.250.76.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/inicio/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

kix07s06-in-f10.1e100.net

Software

ESF /

Resource Hash

e2f2597386660b972fe84faa90af129a353e7e8f9990df6f3b14d0165468350f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://acessehoje.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Feb 2023 16:03:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Feb 2023 16:03:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Feb 2023 16:03:09 GMT

GET
H2 200 css.css
acessehoje.xyz/itau/css/ 377 B
385 B 667ms
663ms Stylesheet
text/css 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/itau/css/css.css
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/inicio/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db7a0a0a1074579a3e5c8b30c136104458ec16285bfe1967ae7b4307f4769b93

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://acessehoje.xyz/itau/inicio/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:03:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 16 Feb 2023 20:26:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63ee917a-179"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=utZ5ahzDkmZX1zfKdVf0WOFjEumzFnxYyAYc6qunlkiOF%2F8pQLNhB2fWiVX7IIngbcCTa0QWkxGfpHMDhnpNxnZz8B2k%2FYS%2BoP9OsPwXhgnLX5qhpXWvqHyz5BIQebGS8g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7a02261aad7280c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 inicio.css
acessehoje.xyz/itau/css/ 1 KB
670 B 536ms
532ms Stylesheet
text/css 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/itau/css/inicio.css
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/inicio/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89c215c555ae2c328b4919c9f368eb43ab38cc69b4f528be246d9a5711ac4759

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://acessehoje.xyz/itau/inicio/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:03:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 16 Feb 2023 20:26:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63ee917a-552"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A8sRGvqT5Xk2SpI4tpLyNf7f%2FAwQEncytthKs6GftU%2Bg2HewOvYkN8uKLGiKQEf4ZHCDlSfwbvxKsA9d91B1lMpzEbVQ79PPHfiI0ry8HQ%2B%2FCn5PslcEb9gisNYPXOonng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7a02261aad7580c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 logo.webp
acessehoje.xyz/itau/imgs/ 5 KB
5 KB 1011ms
1010ms Image
image/webp 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://acessehoje.xyz/itau/imgs/logo.webp
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/inicio/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e30cb01245b3ef9d702b8a5310f0aecfc57e23e1dee7d757fd4dee6ead6e6602

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://acessehoje.xyz/itau/inicio/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:03:09 GMT
cf-cache-status: MISS
last-modified: Thu, 16 Feb 2023 20:26:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "63ee917a-125c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qxgkt3GH07GiDSxt%2Fzea%2BqrtLKZit0FpbLfetWqzsp6rr5U7qEL8yy%2FB9iCdHG3CNuOntxCHcfC21kDkrSSCWLDvPAjmkZkLGqHHAwZJKbIC28o5uRQ39k2krMW4a6x0Ew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7a022621fc4080c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4700

GET
H2 200 api.php Show response
acessehoje.xyz/itau/api/ 0
386 B 325ms
325ms XHR
text/html 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/itau/api/api.php?metodo=online&local=inicio&dispositivo=desktop
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/js/jquery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: text/html, */*; q=0.01
Referer: https://acessehoje.xyz/itau/inicio/
X-Requested-With: XMLHttpRequest
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Feb 2023 16:03:10 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vE6ahVmuGPNl4QPPfk3KMWApKV9IoC5soCF4jd6tSpLGCi%2Bdb0pNGsJunhcbmBypwFiRGMjJ%2FfC2NQI%2FZOCpb66MSYSWq8rNaW0ea510TYvdNs%2Fymm8E%2F44zy3A3fu7mDA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7a022627494680c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 fontea.woff
acessehoje.xyz/api/fontes/ 17 KB
18 KB 1151ms
1151ms Font
application/font-woff 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/api/fontes/fontea.woff
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/css/css.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 661a87469e3a98ce456dd15c5ce402278f25db98b5885d823651284f4fd4de91

Request headers

Referer: https://acessehoje.xyz/itau/css/css.css
Origin: https://acessehoje.xyz
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:03:11 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 16 Feb 2023 20:26:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63ee917a-45e4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IzFe%2FPceEGhxWO3PcEluWcgddTl7i%2FDzRjb%2FX8dPrkog8l2hhV7XyDIrf7TEcMDPz8y%2BNmh%2BWVcLSv%2F5c4zyc%2F5bCV7YHy4U6VTraQAZBfL63tzWL2HZQ22eFI6HAwjX4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=14400
cf-ray: 7a022627494980c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 fonted.woff
acessehoje.xyz/api/fontes/ 20 KB
20 KB 491ms
491ms Font
application/font-woff 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/api/fontes/fonted.woff
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/css/css.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 806ea46c426af8fc24e5cf42a210228739696933d36299eb28aee64f69fc71f1

Request headers

Referer: https://acessehoje.xyz/itau/css/css.css
Origin: https://acessehoje.xyz
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:03:10 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 16 Feb 2023 20:26:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63ee917a-4f84"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hvZ8EmHCOJWBH2Fh7uCGsKA8N91f%2BZLalhhF1g6vEcpmkrJt7TV3aTUKANKYxn84hBDaRkLWQjR%2FQg0fIPaeuMFvAh3wMUgV0ka70EeJC3sBvk4XQt1WDSdolKvYbl%2F06w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=14400
cf-ray: 7a022627494a80c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 fonteb.woff
acessehoje.xyz/api/fontes/ 20 KB
20 KB 1149ms
1149ms Font
application/font-woff 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/api/fontes/fonteb.woff
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/css/css.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1dc87f99c7ff228806117d58f085c6c573057fa237228081802b7d8d3cf7684

Request headers

Referer: https://acessehoje.xyz/itau/css/css.css
Origin: https://acessehoje.xyz
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:03:11 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 16 Feb 2023 20:26:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63ee917a-4f2c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FOKABbXCL8m7kJPMft8%2FdflEcxgWkCv9G4hOer0fhjzJyRhqRa4Qd77UtVLiwJgh8WQAYlVRW%2FzB59X14VHt8OdbV8GJyh%2BG1l0cTdnvE1Cy%2F4n6nemcsiz81hJF6fi9xg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=14400
cf-ray: 7a022627494b80c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 api.php Show response
acessehoje.xyz/itau/api/ 0
274 B 471ms
470ms XHR
text/html 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/itau/api/api.php?metodo=online&local=inicio&dispositivo=desktop
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/js/jquery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: text/html, */*; q=0.01
Referer: https://acessehoje.xyz/itau/inicio/
X-Requested-With: XMLHttpRequest
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Feb 2023 16:03:11 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZXnWpJQa81aOHHAxskBuln9Z5VIKz0ZPI6Fe6KeN3nMVZk3B3clJjQ0pvJozu9aiqTiEkDLYDyuA8AyR79gXbz59NQN7GxCLO3%2By%2F4ejcLkibJ5Xb%2Bv9plztAUeq2%2F5yXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7a02262d984280c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 api.php Show response
acessehoje.xyz/itau/api/ 0
308 B 265ms
265ms XHR
text/html 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/itau/api/api.php?metodo=online&local=inicio&dispositivo=desktop
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/js/jquery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: text/html, */*; q=0.01
Referer: https://acessehoje.xyz/itau/inicio/
X-Requested-With: XMLHttpRequest
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Feb 2023 16:03:12 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y3APvkAuD7Zx%2BMb%2B6PEXUx4zep9uUMtmKrGyrVVOpFxrWrM4wrHcthNHeXsFQ1dXtaFc1WtoKUeT8XAk%2BauACpHduNKWrv3b09knKpIPHBjyH5SvYDxzZbNM4aLBhs%2F%2BGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7a022633cd3680c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 api.php Show response
acessehoje.xyz/itau/api/ 0
307 B 205ms
204ms XHR
text/html 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/itau/api/api.php?metodo=online&local=inicio&dispositivo=desktop
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/js/jquery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: text/html, */*; q=0.01
Referer: https://acessehoje.xyz/itau/inicio/
X-Requested-With: XMLHttpRequest
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Feb 2023 16:03:13 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g9CgoAOHm6Pb6s5bGDDameG9h%2Frbol%2BR6VApRLWD3Wryuz%2FY0yT9aa4vnUsdtXu5yFMy3u0PMr99at187%2BH4vr49dK3IrnR%2B1nEilFm3yo1ACcer%2BeVw%2FZ2NqMbqmvbCYA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7a02263a1a6480c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 api.php Show response
acessehoje.xyz/itau/api/ 0
395 B 283ms
282ms XHR
text/html 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/itau/api/api.php?metodo=online&local=inicio&dispositivo=desktop
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/js/jquery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: text/html, */*; q=0.01
Referer: https://acessehoje.xyz/itau/inicio/
X-Requested-With: XMLHttpRequest
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Feb 2023 16:03:14 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RyORtyHDBG8H8ivRDeg97aKxJBzw0i%2FQUnU48FUf0kHpt3eALia6ozgpby9VudqyowbN457Cp7GkGvOrOxvFnpk5SNzSByGHtpxukiZpl1IomA41pOBcmMKKX1yaJnsosQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7a0226405fc480c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 api.php Show response
acessehoje.xyz/itau/api/ 0
386 B 252ms
251ms XHR
text/html 172.67.179.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acessehoje.xyz/itau/api/api.php?metodo=online&local=inicio&dispositivo=desktop
Requested by: Host: acessehoje.xyz
URL: https://acessehoje.xyz/itau/js/jquery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.179.108 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: text/html, */*; q=0.01
Referer: https://acessehoje.xyz/itau/inicio/
X-Requested-With: XMLHttpRequest
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Feb 2023 16:03:15 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TPSG8lceH8scu6q%2F%2BOrXebDkKFJjBY%2B3Oqc2EO4yskoUPpz0GJa2FfW7YRCE3TsS%2BitNJUIIjgZEEDkji0SwmFEK9mQI1iMwBdZ9PjQxSmZ2aOF76Q73YWkAmsZNcZb7sA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7a0226468c8580c3-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Itau (Banking)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			acessehoje.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: pt2u1o2tn2iqe2rqmuupb7jorq

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acessehoje.xyz
fonts.googleapis.com
104.21.80.114
142.250.76.138
172.67.179.108
04359500a657f5ad17f401c78a1dac274dc75d7b6b5f40690784a5c8da761977
661a87469e3a98ce456dd15c5ce402278f25db98b5885d823651284f4fd4de91
806ea46c426af8fc24e5cf42a210228739696933d36299eb28aee64f69fc71f1
89c215c555ae2c328b4919c9f368eb43ab38cc69b4f528be246d9a5711ac4759
9b30b0f02ac850e31cef95d04fb584235685194179dde873f1d9b816f8ac3749
a959371cda8870f3f647dda43133a6f18e494e605ca6c13a36a0f3777ca6fa17
c1dc87f99c7ff228806117d58f085c6c573057fa237228081802b7d8d3cf7684
db7a0a0a1074579a3e5c8b30c136104458ec16285bfe1967ae7b4307f4769b93
e2f2597386660b972fe84faa90af129a353e7e8f9990df6f3b14d0165468350f
e30cb01245b3ef9d702b8a5310f0aecfc57e23e1dee7d757fd4dee6ead6e6602
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

acessehoje.xyz Open in urlscan Pro 172.67.179.108 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

105 kBTransfer

190 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

27 JavaScript Global Variables

1 Cookies

Indicators

acessehoje.xyz Open in urlscan Pro
172.67.179.108 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

105 kB
Transfer

190 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!