Suspicious

Phishings targeting Itaú

Suspicious and active websites


Phishings targeting Itau

Suspicious and active websites


Active
11
New (7d)
11
Trend (7d)
About
AIBrazilian retail banking phishing - credential, OTP, and card-data harvest, often SMS-launched.
Countries
United StatesUnited States (9) · Hong KongHong Kong (1) · GermanyGermany (1)

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

Last check (UTC) First seen (UTC) URL Screenshot Flags Details
2026-07-19 07:30 2026-07-19 01:02
https://itaucard-quarenta-off.com.ph
Screenshot of itaucard-quarenta-off.com.ph OpenPhish Details
2026-07-19 07:30 2026-07-18 13:02
https://ferreteria-itauhin-dd46ca.netlify.app
Screenshot of ferreteria-itauhin-dd46ca.netlify.app GSB OpenPhish Details
2026-07-19 07:30 2026-07-18 13:02
https://ingresos-itau.vercel.app
Screenshot of ingresos-itau.vercel.app GSB OpenPhish Details
2026-07-19 07:30 2026-07-18 01:03
https://servicio-itau.vercel.app
Screenshot of servicio-itau.vercel.app GSB OpenPhish Details
2026-07-19 07:30 2026-07-13 17:01
https://itau-mtl1cy76b-gamero-galons-projects.vercel.app
Screenshot of itau-mtl1cy76b-gamero-galons-projects.vercel.app GSB PhishTank Details
2026-07-19 07:30 2026-07-13 17:01
https://itauclientes-nqxep046f-gamero-galons-projects.vercel.app
Screenshot of itauclientes-nqxep046f-gamero-galons-projects.vercel.app GSB PhishTank Details
2026-07-19 07:30 2026-07-13 17:01
https://itauclientes-57hno70tt-gamero-galons-projects.vercel.app
Screenshot of itauclientes-57hno70tt-gamero-galons-projects.vercel.app GSB PhishTank Details
2026-07-19 07:30 2026-07-13 17:01
https://itauclientes-5dgntirlf-gamero-galons-projects.vercel.app
Screenshot of itauclientes-5dgntirlf-gamero-galons-projects.vercel.app GSB PhishTank Details
2026-07-19 07:30 2026-07-13 17:01
https://itauclientes-9neuh26h8-gamero-galons-projects.vercel.app
Screenshot of itauclientes-9neuh26h8-gamero-galons-projects.vercel.app GSB PhishTank Details
2026-07-19 07:30 2026-07-13 17:01
https://itauclientes.vercel.app
Screenshot of itauclientes.vercel.app GSB PhishTank Details
2026-07-19 07:30 2026-07-12 15:41
https://itautu.vip
Screenshot of itautu.vip GSB Details

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

URL Screenshot Details
https://itaucard-quarenta-off…
OpenPhish
Screenshot of itaucard-quarenta-off.com.ph Details
https://ferreteria-itauhin-dd…
GSB OpenPhish
Screenshot of ferreteria-itauhin-dd46ca.netlify.app Details
https://ingresos-itau.vercel.…
GSB OpenPhish
Screenshot of ingresos-itau.vercel.app Details
https://servicio-itau.vercel.…
GSB OpenPhish
Screenshot of servicio-itau.vercel.app Details
https://itau-mtl1cy76b-gamero…
GSB PhishTank
Screenshot of itau-mtl1cy76b-gamero-galons-projects.vercel.app Details
https://itauclientes-nqxep046…
GSB PhishTank
Screenshot of itauclientes-nqxep046f-gamero-galons-projects.vercel.app Details
https://itauclientes-57hno70t…
GSB PhishTank
Screenshot of itauclientes-57hno70tt-gamero-galons-projects.vercel.app Details
https://itauclientes-5dgntirl…
GSB PhishTank
Screenshot of itauclientes-5dgntirlf-gamero-galons-projects.vercel.app Details
https://itauclientes-9neuh26h…
GSB PhishTank
Screenshot of itauclientes-9neuh26h8-gamero-galons-projects.vercel.app Details
https://itauclientes.vercel.a…
GSB PhishTank
Screenshot of itauclientes.vercel.app Details
https://itautu.vip
GSB
Screenshot of itautu.vip Details

AIHow to verify a real Itaú URL

  • Legitimate Itaú URLs always end in itau.com.br (e.g. www.itau.com.br, account.itau.com.br). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not Itaú.
  • The padlock icon proves TLS is active, not that the site is safe. Free DV certificates are issued to attackers in minutes; every active site listed above has a valid TLS certificate.
  • If you got the link from email, SMS, or social media, do not click it. Open itau.com.br from your browser bookmark or type the domain manually.
  • Real Itaú pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.