consulta2via.info Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://consulta2via.info/consultar/mg.login.php
Submission: On November 26 via automatic, source openphish (November 26th 2022, 1:37:48 am UTC) — Scanned from NL

Summary HTTP 71 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 12 domains to perform 71 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is consulta2via.info.
TLS certificate: Issued by GTS CA 1P5 on November 7th 2022. Valid for: 3 months.

This is the only time consulta2via.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Magazine Luiza (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
44	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
3	151.101.130.133 151.101.130.133	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
3 3	34.230.201.103 34.230.201.103	14618 (AMAZON-AES) (AMAZON-AES)
3 3	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2	52.30.146.240 52.30.146.240	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	3.248.128.54 3.248.128.54	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:ff3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.49.181.242 52.49.181.242	16509 (AMAZON-02) (AMAZON-02)
71	14

44 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

consulta2via.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.130.133 (United States)

ASN54113 (FASTLY, US)

cdn.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

consumer.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.230.201.103 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-230-201-103.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.194 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.146.240 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-146-240.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.192.160.219 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.248.128.54 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-128-54.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:ff3 (United States)

ASN13335 (CLOUDFLARENET, US)

sync.navdmp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.181.242 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-181-242.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	consulta2via.info consulta2via.info	257 KB
10	gstatic.com www.gstatic.com fonts.gstatic.com	579 KB
9	krxd.net 3 redirects cdn.krxd.net — Cisco Umbrella Rank: 1758 consumer.krxd.net — Cisco Umbrella Rank: 2460 usermatch.krxd.net — Cisco Umbrella Rank: 1292 beacon.krxd.net — Cisco Umbrella Rank: 539	96 KB
4	google.com www.google.com — Cisco Umbrella Rank: 2	24 KB
3	doubleclick.net 3 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 207	686 B
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 189	2 KB
1	crwdcntrl.net sync.crwdcntrl.net — Cisco Umbrella Rank: 754	265 B
1	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1242	162 B
1	navdmp.com sync.navdmp.com — Cisco Umbrella Rank: 9090	133 B
1	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 497	427 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 333	449 B
0	ixiaa.com Failed kr.ixiaa.com Failed
71	12

	Domain	Requested by
44	consulta2via.info	consulta2via.info
7	www.gstatic.com	www.google.com www.gstatic.com
4	www.google.com	consulta2via.info www.gstatic.com www.google.com
3	cm.g.doubleclick.net	3 redirects
3	usermatch.krxd.net	3 redirects
3	fonts.gstatic.com	www.google.com
3	cdn.krxd.net	consulta2via.info cdn.krxd.net
2	dpm.demdex.net	1 redirects consulta2via.info
2	beacon.krxd.net	consulta2via.info
1	sync.crwdcntrl.net	consulta2via.info
1	sync.teads.tv	consulta2via.info
1	sync.navdmp.com	consulta2via.info
1	stags.bluekai.com	consulta2via.info
1	idsync.rlcdn.com	consulta2via.info
1	consumer.krxd.net	cdn.krxd.net
0	kr.ixiaa.com Failed	consulta2via.info
71	16

This site contains links to these domains. Also see Links.

Domain
especiais.magazineluiza.com.br

Subject Issuer	Validity	Valid
*.consulta2via.info GTS CA 1P5	`2022-11-07` - `2023-02-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
cdn.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2022-10-26` - `2023-10-25`	a year	crt.sh
consumer.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2022-06-08` - `2023-06-07`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-26` - `2023-03-01`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://consulta2via.info/consultar/mg.login.php
Frame ID: 0355FBD5EB6FA61BD0A493EC0508684D
Requests: 46 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LerjR8dAAAAABFnTK8TfsSnWxUmp22OEvcV00ai&co=aHR0cHM6Ly93d3cuaXRhdS5jb20uYnI6NDQz&hl=en&v=Ixi5IiChXmIG6rRkjUa1qXHT&size=invisible&cb=4tbnxrnupcyi
Frame ID: 420178EF50415382AD49597AB43D8D68
Requests: 7 HTTP requests in this frame

Frame: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Frame ID: 13042238EA4829821DE8BA21F5221FA7
Requests: 13 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LerjR8dAAAAABFnTK8TfsSnWxUmp22OEvcV00ai&co=aHR0cHM6Ly9jb25zdWx0YTJ2aWEuaW5mbzo0NDM.&hl=nl&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=otnc1tegxcyw
Frame ID: 9211229824A36BA870D0809EB516EB32
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Consulte sua Fatura

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

<div class="[^"]*aem-Grid

Cart Functionality (Ecommerce) Expand

Overall confidence: 100%
Detected patterns

<a[^>]*href=[^>]*/Cart

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

71
Requests

92 %
HTTPS

33 %
IPv6

12
Domains

16
Subdomains

14
IPs

3
Countries

957 kB
Transfer

3865 kB
Size

8
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://especiais.magazineluiza.com.br/cartao-luiza/#sobre
Title: sobre o cartão

Search URL Search Domain Scan URL

URL: https://especiais.magazineluiza.com.br/cartao-luiza#ajuda
Title: precisa de ajuda?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 51

https://usermatch.krxd.net/um/v2?partner=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_cm&google_nid=krux_digital&google_hm=UE9KTjFhYkY HTTP 302
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEOLWIh5gbEaf-sGVcSugwsk&google_cver=1

Request Chain 52

https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm&google_hm=UE9KTjFhYkY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm=&google_hm=UE9KTjFhYkY&google_tc= HTTP 302
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEMcolpcqtXFj2wBuxI2i5X4&google_cver=1

Request Chain 56

https://dpm.demdex.net/ibs:dpid=66757&&dpuuid=POJN1abF HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=66757&&dpuuid=POJN1abF

Request Chain 57

https://usermatch.krxd.net/um/v2?partner=navegg HTTP 302
https://sync.navdmp.com/sync?prtid=30&salid=POJN1abF

Request Chain 59

https://usermatch.krxd.net/um/v2?partner=teadspartner&gdpr=0 HTTP 302
https://sync.teads.tv/sf/sync?id=POJN1abF&gdpr=0

71 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request mg.login.php Show response
consulta2via.info/consultar/ 17 KB
6 KB 1380ms
1314ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Domain/Path	Expires	Name / Value
.krxd.net/	1970-01-20 12:02:58	Name: _kuid_ Value: POJN1abF
.rlcdn.com/	1970-01-20 16:29:22	Name: rlas3 Value: tvOu8C2CAHJuCmVnxRoloZrVd+gX9K4JAhyh49seSds=
.rlcdn.com/	1970-01-20 09:10:10	Name: pxrc Value: CAA=
.demdex.net/	1970-01-20 12:02:58	Name: demdex Value: 11637541196525274364091796629485299784
.dpm.demdex.net/	1970-01-20 12:02:58	Name: dpm Value: 11637541196525274364091796629485299784
.bluekai.com/	1970-01-20 12:04:25	Name: bku Value: 2VR99mP+QV1RgaTa
.bluekai.com/	1970-01-20 12:04:25	Name: bkpa Value: KJy9ayeGd02pSUHknp/t1pDlwtkAwPOwuAThRVJs9yOuq9qP
.doubleclick.net/	1970-01-20 17:05:22	Name: IDE Value: AHWqTUlOe4xbh457kTm8ejTGyqO-SStSwanFlK_v47zQi8c8A0KSVY8NNCbKhMK1FaQ

Source	Level	URL Text
network	error	URL: https://consulta2via.info/img/aplicativo-cartao-luiza-540x345.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/content/dam/itau/success.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/content/dam/itau/error.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://www.gstatic.com/recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js(Line 196) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.itau.com.br') does not match the recipient window's origin ('https://consulta2via.info').
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-base/resources/fonts/ItauText/ItauText_Rg.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://kr.ixiaa.com/C726AB29-0470-440B-B8D2-D552CED3A3DC/a.gif Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauText/ItauText_Rg.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/map/c=9164/TP=KRUX/tpid=POJN1abF Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauText/ItauText_Rg.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauText/ItauText_Rg.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://consulta2via.info/css/clientlib-vendor/spec-former/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 ()

consulta2via.info Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

71 Requests

92 %HTTPS

33 %IPv6

12 Domains

16 Subdomains

14 IPs

3 Countries

957 kBTransfer

3865 kBSize

8 Cookies

2 Outgoing links

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

consulta2via.info Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

92 %
HTTPS

33 %
IPv6

12
Domains

16
Subdomains

14
IPs

3
Countries

957 kB
Transfer

3865 kB
Size

8
Cookies

71 HTTP transactions
0 data transactions