139c89c4.nutritasty.pt Open in urlscan Pro
156.59.66.254 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://139c89c4.nutritasty.pt/?d1d4a&id=139c89c4
Submission: On June 20 via api (June 20th 2023, 12:33:36 pm UTC) from JP — Scanned from SG

Summary HTTP 3 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 156.59.66.254, located in Dhaka, Bangladesh and belongs to ZEN-ECN, US. The main domain is 139c89c4.nutritasty.pt.

This is the only time 139c89c4.nutritasty.pt was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BW-Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
3	156.59.66.254 156.59.66.254		21859 (ZEN-ECN) (ZEN-ECN)
3	2

3 156.59.66.254 (Dhaka, Bangladesh)

ASN21859 (ZEN-ECN, US)

139c89c4.nutritasty.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	nutritasty.pt 139c89c4.nutritasty.pt	4 MB
3	1

	Domain	Requested by
3	139c89c4.nutritasty.pt	139c89c4.nutritasty.pt
3	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://139c89c4.nutritasty.pt/?d1d4a&id=139c89c4
Frame ID: 6DB2401E96040642CBCD38C3B1710FE0
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login Online-Banking

Page Statistics

3
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

4154 kB
Transfer

4154 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
6 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response 139c89c4.nutritasty.pt/	4 MB 4 MB	511ms 109ms	Document text/html	156.59.66.254 ZEN-ECN
General Check archive.org Show headers Download Go to Full URL http://139c89c4.nutritasty.pt/?d1d4a&id=139c89c4 Protocol HTTP/1.1 Server 156.59.66.254 Dhaka, Bangladesh, ASN21859 (ZEN-ECN, US), Reverse DNS Software Microsoft-IIS/10.0 / PHP/7.4.33 Resource Hash `3fab4487b17c7f972834e9b76f0205de504bfb483b3206bc5949c3daba3f3c59` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 accept-language zh-SG,zh;q=0.9 Response headers Content-Length 3900148 Content-Type text/html; charset=UTF-8 Date Tue, 20 Jun 2023 12:33:28 GMT Server Microsoft-IIS/10.0 X-Powered-By PHP/7.4.33
GET H/1.1	200 OK	lg1.svg 139c89c4.nutritasty.pt/file/	2 KB 2 KB	61ms 61ms	Image image/svg+xml	156.59.66.254 ZEN-ECN
General Check archive.org Show headers Download Go to Show image Full URL http://139c89c4.nutritasty.pt/file/lg1.svg Requested by Host: 139c89c4.nutritasty.pt URL: http://139c89c4.nutritasty.pt/?d1d4a&id=139c89c4 Protocol HTTP/1.1 Server 156.59.66.254 Dhaka, Bangladesh, ASN21859 (ZEN-ECN, US), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `28abb94feeb9c69563e7ae096f6940c1e4842a8669e39fbd8e19ae831a55d1b3` Request headers accept-language zh-SG,zh;q=0.9 Referer http://139c89c4.nutritasty.pt/?d1d4a&id=139c89c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Tue, 20 Jun 2023 12:33:30 GMT Last-Modified Fri, 16 Jun 2023 19:53:02 GMT Server Microsoft-IIS/10.0 Accept-Ranges bytes ETag "1496e7288ca0d91:0" Content-Length 1644 Content-Type image/svg+xml
GET H/1.1	200 OK	lg2.png 139c89c4.nutritasty.pt/file/	15 KB 16 KB	121ms 60ms	Image image/png	156.59.66.254 ZEN-ECN
General Check archive.org Show headers Download Go to Show image Full URL http://139c89c4.nutritasty.pt/file/lg2.png Requested by Host: 139c89c4.nutritasty.pt URL: http://139c89c4.nutritasty.pt/?d1d4a&id=139c89c4 Protocol HTTP/1.1 Server 156.59.66.254 Dhaka, Bangladesh, ASN21859 (ZEN-ECN, US), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `bd964f3665059fcb06470f662f2e18b623d37d0d475a0150aa64297479abf408` Request headers accept-language zh-SG,zh;q=0.9 Referer http://139c89c4.nutritasty.pt/?d1d4a&id=139c89c4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Tue, 20 Jun 2023 12:33:30 GMT Last-Modified Fri, 16 Jun 2023 19:53:36 GMT Server Microsoft-IIS/10.0 Accept-Ranges bytes ETag "65e1633d8ca0d91:0" Content-Length 15666 Content-Type image/png
GET DATA	200 OK	truncated /	24 KB 24 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `43a2c75ca73d8c1101ff7ae617e6dbc6934e8aa1cd72d64ce50908ac297156cb` Request headers Referer http://139c89c4.nutritasty.pt/ Origin http://139c89c4.nutritasty.pt accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Content-Type font/woff
GET DATA	200 OK	truncated /	205 KB 205 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `20ff740483432f3e161edc6475ad1bbd337134f877f7b95acdae1c346bc6a8f7` Request headers Referer http://139c89c4.nutritasty.pt/ Origin http://139c89c4.nutritasty.pt accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Content-Type font/woff
GET DATA	200 OK	truncated /	25 KB 25 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7b2888ded6c1e95affe8813aaba8fbcd060d774451c10afa71227616e9af159f` Request headers Referer http://139c89c4.nutritasty.pt/ Origin http://139c89c4.nutritasty.pt accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Content-Type font/woff
GET DATA	200 OK	truncated /	25 KB 25 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9ae3f33664fc3b273913900b81d8812d5a6a3c098b86d93d1f0ec54259d9441d` Request headers Referer http://139c89c4.nutritasty.pt/ Origin http://139c89c4.nutritasty.pt accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Content-Type font/woff
GET DATA	200 OK	truncated /	24 KB 24 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0d764d392e1685a777c2740c836285ddf29fc29f29b63c19546baf104c2de3d5` Request headers Referer http://139c89c4.nutritasty.pt/ Origin http://139c89c4.nutritasty.pt accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Content-Type font/woff
GET DATA	200 OK	truncated /	25 KB 25 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `addffd48c2bb1fe1e4409899c79d5b2beca7d72c4d80575401091f09ab0eae52` Request headers Referer http://139c89c4.nutritasty.pt/ Origin http://139c89c4.nutritasty.pt accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Content-Type font/woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BW-Bank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

139c89c4.nutritasty.pt
156.59.66.254
0d764d392e1685a777c2740c836285ddf29fc29f29b63c19546baf104c2de3d5
20ff740483432f3e161edc6475ad1bbd337134f877f7b95acdae1c346bc6a8f7
28abb94feeb9c69563e7ae096f6940c1e4842a8669e39fbd8e19ae831a55d1b3
3fab4487b17c7f972834e9b76f0205de504bfb483b3206bc5949c3daba3f3c59
43a2c75ca73d8c1101ff7ae617e6dbc6934e8aa1cd72d64ce50908ac297156cb
7b2888ded6c1e95affe8813aaba8fbcd060d774451c10afa71227616e9af159f
9ae3f33664fc3b273913900b81d8812d5a6a3c098b86d93d1f0ec54259d9441d
addffd48c2bb1fe1e4409899c79d5b2beca7d72c4d80575401091f09ab0eae52
bd964f3665059fcb06470f662f2e18b623d37d0d475a0150aa64297479abf408

139c89c4.nutritasty.pt Open in urlscan Pro 156.59.66.254 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

3 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

4154 kBTransfer

4154 kBSize

0 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

139c89c4.nutritasty.pt Open in urlscan Pro
156.59.66.254 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

4154 kB
Transfer

4154 kB
Size

0
Cookies

3 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!