149.102.147.59 Open in urlscan Pro
149.102.147.59 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://149.102.147.59/inicio/2vnatudcv8/index.php
Submission: On May 25 via api (May 25th 2023, 10:21:13 pm UTC) from BE — Scanned from DE

Summary HTTP 47 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 10 IPs in 4 countries across 8 domains to perform 47 HTTP transactions. The main IP is 149.102.147.59, located in Portsmouth, United Kingdom and belongs to CONTABO, DE. The main domain is 149.102.147.59.

This is the only time 149.102.147.59 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Realize (Financial)

Domain & IP information

	IP Address	AS Autonomous System
32	149.102.147.59 149.102.147.59	51167 (CONTABO) (CONTABO)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
1	52.95.164.92 52.95.164.92	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	52.67.162.85 52.67.162.85	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
3	54.164.77.4 54.164.77.4	14618 (AMAZON-AES) (AMAZON-AES)
47	10

32 149.102.147.59 (Portsmouth, United Kingdom)

ASN51167 (CONTABO, DE)
PTR: box1.unidadedosestadosdobrfeliz.online

149.102.147.59	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.95.164.92 (São Paulo, Brazil)

ASN16509 (AMAZON-02, US)
PTR: s3-sa-east-1.amazonaws.com

s3-sa-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.67.162.85 (São Paulo, Brazil)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-67-162-85.sa-east-1.compute.amazonaws.com

cdn.pmweb.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.164.77.4 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-164-77-4.compute-1.amazonaws.com

bf73995led.bf.dynatrace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	gstatic.com www.gstatic.com fonts.gstatic.com	199 KB
3	dynatrace.com bf73995led.bf.dynatrace.com — Cisco Umbrella Rank: 376595	3 KB
1	pmweb.com.br cdn.pmweb.com.br — Cisco Umbrella Rank: 106116	9 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 30	46 KB
1	amazonaws.com s3-sa-east-1.amazonaws.com	516 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	52 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 199	4 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 320	30 KB
47	8

	Domain	Requested by
4	www.gstatic.com	149.102.147.59
3	bf73995led.bf.dynatrace.com	149.102.147.59
2	fonts.gstatic.com	149.102.147.59
1	cdn.pmweb.com.br	149.102.147.59
1	www.google-analytics.com	149.102.147.59
1	s3-sa-east-1.amazonaws.com	149.102.147.59
1	www.googletagmanager.com	149.102.147.59
1	cdnjs.cloudflare.com	149.102.147.59
1	ajax.googleapis.com	149.102.147.59
47	9

This site contains links to these domains. Also see Links.

Domain
www.realizesolucoesfinanceiras.com.br
www.lojasrenner.com.br
www.google.com
play.google.com
apps.apple.com
rennerchat.flexcontact.com.br
wa.me

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.s3-sa-east-1.amazonaws.com Amazon RSA 2048 M01	`2023-04-11` - `2024-02-07`	10 months	crt.sh
*.pmweb.com.br Amazon RSA 2048 M01	`2023-02-03` - `2023-09-02`	7 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.bf.dynatrace.com Amazon RSA 2048 M02	`2023-03-01` - `2024-01-07`	10 months	crt.sh

This page contains 5 frames:

Primary Page: http://149.102.147.59/inicio/2vnatudcv8/index.php
Frame ID: 2CD30B9B82A54FA52F29ABD6BB192143
Requests: 34 HTTP requests in this frame

Frame: http://149.102.147.59/inicio/2vnatudcv8/index_files/anchor.html
Frame ID: 2CD8BD853849D10D34A1427475EDD4AF
Requests: 3 HTTP requests in this frame

Frame: http://149.102.147.59/inicio/2vnatudcv8/index_files/saved_resource.html
Frame ID: 19502C47E9D0009B9E31D1D497F54624
Requests: 1 HTTP requests in this frame

Frame: http://149.102.147.59/inicio/2vnatudcv8/index_files/bframe.html
Frame ID: 0F2C41BAF2D89ADCAA48126EA6E5E314
Requests: 8 HTTP requests in this frame

Frame: http://149.102.147.59/inicio/2vnatudcv8/index_files/saved_resource(1).html
Frame ID: AB2F6D53BA9B2885CDD1D06DD859F3A5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cartões Renner

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

47
Requests

28 %
HTTPS

60 %
IPv6

8
Domains

9
Subdomains

10
IPs

4
Countries

2050 kB
Transfer

6366 kB
Size

11
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://www.realizesolucoesfinanceiras.com.br/site/

Search URL Search Domain Scan URL

URL: http://www.lojasrenner.com.br/
Title: ir para a loja virtual

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/
Title: Sair

Search URL Search Domain Scan URL

URL: https://www.google.com/intl/en/policies/privacy/
Title: Termos

Search URL Search Domain Scan URL

URL: https://www.google.com/intl/en/policies/terms/
Title: Privacidade

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/login/portal-negociacao
Title: conheça o portal de negociação

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=br.com.lojasrenner&hl=pt-BR

Search URL Search Domain Scan URL

URL: https://apps.apple.com/br/app/lojas-renner-roupas-perfumes/id567763947

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/site/cartao_renner/
Title: Cartão Renner

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/site/meu-cartao/
Title: Meu Cartão

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/site/app_cartao_renner/
Title: Quero Cartão Renner

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/site/contato
Title: Contato

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/site/institucional
Title: Institucional

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/duvidas-frequentes/cartao-renner
Title: Cartão Renner

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/duvidas-frequentes/meu-cartao
Title: Meu Cartão

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/site/perguntas-frequentes
Title: Saque Rápido e Seguros

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/images/relatorio-governanca/download/2d74c7a135c98327b39e82f8638a6437.pdf
Title: Privacidade e Segurança

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/site/central-negociacao
Title: Central de Negociação

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/login
Title: Acessa Sua Conta

Search URL Search Domain Scan URL

URL: https://rennerchat.flexcontact.com.br/RennerChat_DeficientesAuditivos/
Title: Para acessar o canal de atendimento por vídeo, clique aqui.

Search URL Search Domain Scan URL

URL: https://wa.me/555139214004?text=Oi,%20Clara
Title: +55 (51) 3921 4004

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/uploads/institucional_cadastro/20/AtendimentoAuditivosFala.pdf
Title: Orientações para Representantes de Deficientes Auditivos ou de Fala

Search URL Search Domain Scan URL

URL: https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/5139215464
Title: +55 (51) 3921 5464

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

47 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index.php Show response
149.102.147.59/inicio/2vnatudcv8/ 550 KB
75 KB 431ms
406ms Document
text/html 149.102.147.59
CONTABO

General

Domain/Path	Expires	Name / Value
149.102.147.59/	1969-12-31 23:59:59	Name: PHPSESSID Value: ps3nisrl4o5qs5u69iqqcngti5
149.102.147.59/	1970-01-20 21:40:13	Name: rxVisitor Value: 16850532688260T3RKS0J9CJRGRHNE9O8IM85ODIQ13UP
149.102.147.59/	1969-12-31 23:59:59	Name: dtLatC Value: 13
149.102.147.59/	1969-12-31 23:59:59	Name: dtSa Value: -
149.102.147.59/	1970-01-20 21:40:13	Name: _pm_id Value: 549001685053268965
149.102.147.59/	1970-01-20 12:04:15	Name: _pm_sid Value: 067701685053268967
149.102.147.59/	1970-01-20 21:40:13	Name: _ga Value: GA1.1.1104607381.1685053269
149.102.147.59/	1970-01-20 12:05:39	Name: _gid Value: GA1.1.1818157718.1685053269
149.102.147.59/	1969-12-31 23:59:59	Name: rxvt Value: 1685055069837\|1685053268829
149.102.147.59/	1969-12-31 23:59:59	Name: dtPC Value: -26$253268823_916h-vIAAWJWKDMMPNCCAGDFFTCLFUEPPHMIVC-0e0
149.102.147.59/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_2_sn_1LDEGR45OBRNBEC69PGLQF0ESICUFIO6_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1_rcs-3Acss_0

Source	Level	URL Text
network	error	URL: http://149.102.147.59/cartoes-renner/vectors/whatsapp.svg#whatsapp Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://149.102.147.59/cartoes-renner/vectors/bg-login.svg Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	warning	URL: http://149.102.147.59/inicio/2vnatudcv8/index_files/anchor.html Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network	error	URL: http://149.102.147.59/ruxitagentjs_D_10265230425083909.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://149.102.147.59/ruxitagentjs_D_10265230425083909.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	warning	URL: http://149.102.147.59/inicio/2vnatudcv8/index_files/bframe.html Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network	error	URL: http://149.102.147.59/cartoes-renner/vectors/bg-login.svg Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: http://149.102.147.59/inicio/2vnatudcv8/index_files/recaptcha__pt_br.js.transferir(Line 38) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.google.com') does not match the recipient window's origin ('http://149.102.147.59').

149.102.147.59 Open in urlscan Pro 149.102.147.59 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

47 Requests

28 %HTTPS

60 %IPv6

8 Domains

9 Subdomains

10 IPs

4 Countries

2050 kBTransfer

6366 kBSize

11 Cookies

23 Outgoing links

Redirected requests

47 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

149.102.147.59 Open in urlscan Pro
149.102.147.59 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

47
Requests

28 %
HTTPS

60 %
IPv6

8
Domains

9
Subdomains

10
IPs

4
Countries

2050 kB
Transfer

6366 kB
Size

11
Cookies

47 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!