faturaitau.lovable.app

https://faturaitau.lovable.app/

185.41.148.1 · Scanit i Sverige AB

Location

Västra Frölunda, Sweden

Domain Age

1025 days

HTTP

200 · 28.8s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Itaú - Consulta de Cartões"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Itaú

Vendors

26/26

Status

completed

✓ avg✓ bitdefender✓ avast✓ brightcloud✓ cisa✓ emsisoft✓ openphish✓ apwg✓ netcraft✓ urlscan✓ spamhaus✓ urlquery✓ apple✓ sophos✓ phishreport✓ microsoft✓ eset✓ yandex✓ norton✓ phishtank✓ virustotal✓ urlabuse✓ mcafee✓ threatyeti✓ google✓ fortiguard

Registered-domain escalation

Submit lovable.app as the primary IOC, enriched with evidence from hostile subdomains like faturaitau.lovable.app.

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Itaú

Credential Phishing

Finance & Banking · 4/5/2026

Summary

This page impersonates Itaú Bank branding (Itaú - Consulta de Cartões) but is hosted on faturaitau.lovable.app. The page title and UI mimic Itaú’s card-lookup interface, yet the domain is not Itaú's official domain, indicating brand impersonation. The site loads Itaú-like visuals and prompts for card number and password, signaling credential harvesting via a cloned login form and SPA assets.

Attack Techniques (5)

Domain mismatch and brand impersonation (domain faturaitau.lovable.app not owned by Itaú)Cloned Itaú UI with login form requesting card number and passwordSPA-style page with external scripts and assets mimicking legitimate serviceBrand logo/assets embedded in HTML <og:image> and UI styling tailored to ItaúAnalytics endpoint POST to /~api/analytics potentially for data exfiltration

Indicators of Compromise (8)

▸DOMAIN: faturaitau.lovable.app

▸Page title: Itaú - Consulta de Cartões

▸Meta description and og:url reference Itaú branding

▸Login form present with password input

▸External script /assets/index-Lo6zoxXh.js and /~flock.js loaded from the same domain

▸POST to /~api/analytics

▸SSL cert issued to lovable.app (new, 2026) with a 7-month validity window

▸Screenshot shows Itaú-like color scheme and layout with card number and password fields

Risk AssessmentUsed in abuse reports

The site is actively impersonating Itaú by presenting an Itaú-branded card lookup/login interface on a non-Itaú domain faturaitau.lovable.app. The existence of a visible login form with a password field, combined with Itaú-like visuals in the HTML and assets, indicates credential phishing intended to harvest user credentials. The domain age is moderate (approx 1025 days) but the SSL certificate is issued to lovable.app with a short remaining validity, and the hosting URL clearly differs from Itaú’s official domain. The page includes analytics POST calls and SPA assets designed to resemble Itaú’s interface, which strongly suggests malicious intent and credential theft risk.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence