realizesolucoesfinanceiras.cfd Open in urlscan Pro
2606:4700:3035::6815:66c Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://realizesolucoesfinanceiras.cfd/
Effective URL:
https://realizesolucoesfinanceiras.cfd/
Submission Tags: suspect
Submission: On October 26 via api (October 26th 2024, 4:59:01 pm UTC) from BR — Scanned from US

Summary HTTP 18 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3035::6815:66c, located in United States and belongs to CLOUDFLARENET, US. The main domain is realizesolucoesfinanceiras.cfd.
TLS certificate: Issued by WE1 on October 25th 2024. Valid for: 3 months.

This is the only time realizesolucoesfinanceiras.cfd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Realize (Financial)

Domain & IP information

	IP Address	AS Autonomous System
4	2606:4700:303... 2606:4700:3035::6815:66c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:600... 2a04:4e42:600::485	54113 (FASTLY) (FASTLY)
1	2607:f8b0:400... 2607:f8b0:400d:c03::5f	15169 (GOOGLE) (GOOGLE)
9	200.178.91.198 200.178.91.198	4230 (CLARO S.A.) (CLARO S.A.)
3	2607:f8b0:400... 2607:f8b0:400d:c07::5e	15169 (GOOGLE) (GOOGLE)
18	5

4 2606:4700:3035::6815:66c (United States)

ASN13335 (CLOUDFLARENET, US)

realizesolucoesfinanceiras.cfd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c03::5f (Morganton, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 200.178.91.198 (São Paulo, Brazil)

ASN4230 (CLARO S.A., BR)

www.realizesolucoesfinanceiras.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:400d:c07::5e (Morganton, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	realizesolucoesfinanceiras.com.br www.realizesolucoesfinanceiras.com.br	197 KB
4	realizesolucoesfinanceiras.cfd realizesolucoesfinanceiras.cfd	9 KB
3	gstatic.com fonts.gstatic.com	39 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 311	14 KB
18	5

	Domain	Requested by
9	www.realizesolucoesfinanceiras.com.br	realizesolucoesfinanceiras.cfd
4	realizesolucoesfinanceiras.cfd	realizesolucoesfinanceiras.cfd
3	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	realizesolucoesfinanceiras.cfd
1	cdn.jsdelivr.net	realizesolucoesfinanceiras.cfd
18	5

This site contains links to these domains. Also see Links.

Domain
wa.me

Subject Issuer	Validity	Valid
realizesolucoesfinanceiras.cfd WE1	`2024-10-25` - `2025-01-23`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.realizesolucoesfinanceiras.com.br Sectigo RSA Domain Validation Secure Server CA	`2024-02-22` - `2025-03-24`	a year	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://realizesolucoesfinanceiras.cfd/
Frame ID: EB987599E466301C480E8F3D28671363
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cartões Renner

Page URL History Show full URLs

http://realizesolucoesfinanceiras.cfd/ HTTP 307
https://realizesolucoesfinanceiras.cfd/ Page URL

Detected technologies

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/fingerprintjs@(\d)

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

18
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

261 kB
Transfer

332 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://wa.me/555139214004?text=Oi,%20Clara
Title: +55 51 3921 4004

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://realizesolucoesfinanceiras.cfd/ HTTP 307
https://realizesolucoesfinanceiras.cfd/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
realizesolucoesfinanceiras.cfd/
Redirect Chain

http://realizesolucoesfinanceiras.cfd/
https://realizesolucoesfinanceiras.cfd/

23 KB
7 KB

480ms
299ms

Document
text/html

2606:4700:3035::6815:66c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://realizesolucoesfinanceiras.cfd/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:66c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 13c41526509e4509c9592889adcac4856202c6fce26486e08e6dc179c97316d3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8d8bfe584d436a58-EWR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 26 Oct 2024 16:58:51 GMT
last-modified: Fri, 25 Oct 2024 23:12:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F6UfozydFtdF4eL7my8UeujkVGUkZLh67k8lY9sNQ%2BSoG6o70CYyGGQ60kNgr1h3fxcia84Z7vGss2Fd7WWCYysRsfBwJ50VfSQfQTNdgUMaTKmvukTUdgSx3kGJ3D7en6qsoF7sHgdyrs%2B5NT65e2ygUt9tvh%2BRopcgb%2B0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=46695&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4222&recv_bytes=4392&delivery_rate=434&cwnd=12000&unsent_bytes=0&cid=4c64d143488128d3&ts=315&x=1" cfExtPri cfHdrFlush;dur=0
x-powered-by: Express

Redirect headers

Location: https://realizesolucoesfinanceiras.cfd/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 fp.min.js Show response
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/ 33 KB
14 KB 209ms
47ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

Requested by

Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
age: 11132
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Sat, 26 Oct 2024 16:58:52 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220049-FRA, cache-ewr-kewr1740023-EWR
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13749
x-jsd-version: 3.4.2

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 263ms
80ms Stylesheet
text/css 2607:f8b0:400d:c03::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap

Requested by

Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c03::5f Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca52b18e849e52ebef1bb8100b191851c64c518c5a0ce635eedfa5e77f497d1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 26 Oct 2024 16:58:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 26 Oct 2024 16:58:52 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H/1.1 200
OK logo-cartao-renner.svg
www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/ 2 KB
2 KB 1137ms
175ms Image
image/svg+xml 200.178.91.198
CLARO S.A.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/logo-cartao-renner.svg

Requested by

Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.178.91.198 São Paulo, Brazil, ASN4230 (CLARO S.A., BR),

Reverse DNS

Software

Resource Hash

6689e38faae51702e7515f4b04b6af96e27946f6f7f1c7d8fb7228abd2d14233

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=315360000
Content-Encoding: gzip
ETag: W/"670eb910-9e8"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Date: Sat, 26 Oct 2024 16:58:52 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/svg+xml
Last-Modified: Tue, 15 Oct 2024 18:48:48 GMT
Vary: Accept-Encoding
X-Frame-Options: deny

GET
H/1.1 200
OK logo-meu-cartao.svg
www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/ 2 KB
2 KB 1134ms
173ms Image
image/svg+xml 200.178.91.198
CLARO S.A.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/logo-meu-cartao.svg

Requested by

Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.178.91.198 São Paulo, Brazil, ASN4230 (CLARO S.A., BR),

Reverse DNS

Software

Resource Hash

86a9e40172ff3386dd13df4b292ea00cc04114bf18dc9c88f431d53cf192e2c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=315360000
Content-Encoding: gzip
ETag: W/"670eb910-991"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Date: Sat, 26 Oct 2024 16:58:52 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/svg+xml
Last-Modified: Tue, 15 Oct 2024 18:48:48 GMT
Vary: Accept-Encoding
X-Frame-Options: deny

GET
H/1.1 200
OK google-play-badge-reverse.svg
www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/ 11 KB
5 KB 914ms
172ms Image
image/svg+xml 200.178.91.198
CLARO S.A.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/google-play-badge-reverse.svg

Requested by

Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.178.91.198 São Paulo, Brazil, ASN4230 (CLARO S.A., BR),

Reverse DNS

Software

Resource Hash

e946d863a136a09089fd275d574ff3346bad8327d4ef378c06af35872d9fe56d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=315360000
Content-Encoding: gzip
ETag: W/"670eb910-2a25"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Date: Sat, 26 Oct 2024 16:58:52 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/svg+xml
Last-Modified: Tue, 15 Oct 2024 18:48:48 GMT
Vary: Accept-Encoding
X-Frame-Options: deny

GET
H/1.1 200
OK celular-login.png
www.realizesolucoesfinanceiras.com.br/cartoes-renner/images/ 152 KB
152 KB 912ms
170ms Image
image/png 200.178.91.198
CLARO S.A.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/images/celular-login.png

Requested by

Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.178.91.198 São Paulo, Brazil, ASN4230 (CLARO S.A., BR),

Reverse DNS

Software

Resource Hash

7db4ada57262fbacd47bef4e96e3cedda276b9267e6ca4d20adeeb1c24d870b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=315360000
ETag: "670eb910-25e28"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Accept-Ranges: bytes
Content-Length: 155176
Date: Sat, 26 Oct 2024 16:58:52 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png
Last-Modified: Tue, 15 Oct 2024 18:48:48 GMT
X-Frame-Options: deny

GET
H/1.1 200
OK google-play-badge.svg
www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/ 11 KB
5 KB 926ms
175ms Image
image/svg+xml 200.178.91.198
CLARO S.A.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/google-play-badge.svg

Requested by

Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.178.91.198 São Paulo, Brazil, ASN4230 (CLARO S.A., BR),

Reverse DNS

Software

Resource Hash

8827f96ace2afe4aeff4c33db4ac86193f38a62cb30d9fbba949e0b72c2a55ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=315360000
Content-Encoding: gzip
ETag: W/"670eb910-2a22"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Date: Sat, 26 Oct 2024 16:58:52 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/svg+xml
Last-Modified: Tue, 15 Oct 2024 18:48:48 GMT
Vary: Accept-Encoding
X-Frame-Options: deny

GET
H/1.1 200
OK app-store-badge.svg
www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/ 14 KB
4 KB 1092ms
172ms Image
image/svg+xml 200.178.91.198
CLARO S.A.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/app-store-badge.svg

Requested by

Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.178.91.198 São Paulo, Brazil, ASN4230 (CLARO S.A., BR),

Reverse DNS

Software

Resource Hash

3dd08d21a5c010294a50355af3565a50d08ea4aef83e822114be29171209f109

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=315360000
Content-Encoding: gzip
ETag: W/"670eb910-37b6"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Date: Sat, 26 Oct 2024 16:58:53 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/svg+xml
Last-Modified: Tue, 15 Oct 2024 18:48:48 GMT
Vary: Accept-Encoding
X-Frame-Options: deny

GET
H/1.1 200
OK canal-exclusivo-libras.svg
www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/ 17 KB
14 KB 175ms
173ms Image
image/svg+xml 200.178.91.198
CLARO S.A.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/canal-exclusivo-libras.svg

Requested by

Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.178.91.198 São Paulo, Brazil, ASN4230 (CLARO S.A., BR),

Reverse DNS

Software

Resource Hash

dc51033500b4e6259061737823569a8631993956a85409edc0c8959e5bf9d577

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=315360000
Content-Encoding: gzip
ETag: W/"670eb910-44b7"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Date: Sat, 26 Oct 2024 16:58:53 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/svg+xml
Last-Modified: Tue, 15 Oct 2024 18:48:48 GMT
Vary: Accept-Encoding
X-Frame-Options: deny

GET
H/1.1 200
OK canal-exclusivo-whatsapp.svg
www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/ 16 KB
12 KB 179ms
178ms Image
image/svg+xml 200.178.91.198
CLARO S.A.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/canal-exclusivo-whatsapp.svg

Requested by

Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.178.91.198 São Paulo, Brazil, ASN4230 (CLARO S.A., BR),

Reverse DNS

Software

Resource Hash

d62b3a06d96397a70c2c32e65db326dfefaac37e8ac321351008836068a53177

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=315360000
Content-Encoding: gzip
ETag: W/"670eb910-3e9c"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Date: Sat, 26 Oct 2024 16:58:53 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/svg+xml
Last-Modified: Tue, 15 Oct 2024 18:48:48 GMT
Vary: Accept-Encoding
X-Frame-Options: deny

GET
H3 200 script.js Show response
realizesolucoesfinanceiras.cfd/js/ 4 KB
2 KB 298ms
297ms Script
application/javascript 2606:4700:3035::6815:66c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://realizesolucoesfinanceiras.cfd/js/script.js
Requested by: Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:66c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 8fcb50f17cbe73a347a398c26f1716572dbe499386b3a064a5e5394f49ad31ae

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Origin: https://realizesolucoesfinanceiras.cfd
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

content-encoding: br
cf-cache-status: MISS
etag: W/"1014-192c5f3b3c2"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lv5dZP9jsxLz5l0AA%2F3XNCrYgbGqEBpjc72QJTS5QwM6NkwLhzdbSUvnFzYdRFKXl6M337OyfqYv5JJhl1MAjtrv9R6EAF3Onjr9GXOVlmyGXweYv1eNBvEjIZxlk4qQmacC4QhqSbFjiEmRCKS0FjhjjEnnkv%2FZFzIBq7I%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=46008&sent=22&recv=15&lost=0&retrans=0&sent_bytes=11262&recv_bytes=5184&delivery_rate=59257&cwnd=12000&unsent_bytes=0&cid=4c64d143488128d3&ts=735&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 26 Oct 2024 16:58:52 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 25 Oct 2024 23:12:15 GMT
vary: Accept-Encoding
priority: u=1,i=?0
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d8bfe5aefa26a58-EWR
x-powered-by: Express
server: cloudflare

GET
H3 404 whatsapp.svg
realizesolucoesfinanceiras.cfd/cartoes-renner/vectors/ 0
0 302ms
301ms Other
text/html 2606:4700:3035::6815:66c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://realizesolucoesfinanceiras.cfd/cartoes-renner/vectors/whatsapp.svg

Requested by

Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:66c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

content-encoding: br
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e9JOP%2BFgCq1EaILrpIHQaVkxErVrsO1xnPobryw64gOEy4SrRnAaNyYcqchu5D%2FaOPHLUvwBzDbGGUEXrhe110oZLkA2mDvLp3LwxsPUePnjmRKHkPuYTtqE6W1s4fPUUMlRF1EE%2FOzszfPlz5vWfQPIdidgw70Q4Ong6Ig%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=45270&sent=24&recv=16&lost=0&retrans=0&sent_bytes=13313&recv_bytes=5227&delivery_rate=6945&cwnd=12000&unsent_bytes=0&cid=4c64d143488128d3&ts=857&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 26 Oct 2024 16:58:52 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
priority: u=3,i
content-security-policy: default-src 'none'
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d8bfe5ba8716a58-EWR
x-powered-by: Express
server: cloudflare

GET
H/1.1 200
OK bg-login.svg
www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/ 664 B
1 KB 797ms
175ms Image
image/svg+xml 200.178.91.198
CLARO S.A.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.realizesolucoesfinanceiras.com.br/cartoes-renner/vectors/bg-login.svg

Requested by

Host: realizesolucoesfinanceiras.cfd
URL: https://realizesolucoesfinanceiras.cfd/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.178.91.198 São Paulo, Brazil, ASN4230 (CLARO S.A., BR),

Reverse DNS

Software

Resource Hash

3bb71cec41dd0b3c5782f72d32b1b028fdc9558f0acace778d1a2c312d50f382

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=315360000
Content-Encoding: gzip
ETag: W/"670eb910-298"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Date: Sat, 26 Oct 2024 16:58:52 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/svg+xml
Last-Modified: Tue, 15 Oct 2024 18:48:48 GMT
Vary: Accept-Encoding
X-Frame-Options: deny

GET
H3 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v32/ 13 KB
13 KB 162ms
54ms Font
font/woff2 2607:f8b0:400d:c07::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c07::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf9cfe01317e3758dd38982921dc1f26cc7243237d02e7ed90d3830b6f4e8ed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Origin: https://realizesolucoesfinanceiras.cfd
Referer: https://fonts.googleapis.com/

Response headers

age: 251127
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 23 Oct 2025 19:13:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 23 Oct 2024 19:13:25 GMT
last-modified: Thu, 01 Aug 2024 20:41:22 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13388
x-xss-protection: 0
server: sffe

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v32/ 13 KB
13 KB 165ms
58ms Font
font/woff2 2607:f8b0:400d:c07::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c07::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a7fc3de6341e5ab2853f213dbf792903cd35039daa9530a649a20a877ccac8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Origin: https://realizesolucoesfinanceiras.cfd
Referer: https://fonts.googleapis.com/

Response headers

age: 315130
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 23 Oct 2025 01:26:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 23 Oct 2024 01:26:42 GMT
last-modified: Thu, 01 Aug 2024 20:41:26 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13408
x-xss-protection: 0
server: sffe

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v32/ 13 KB
13 KB 181ms
74ms Font
font/woff2 2607:f8b0:400d:c07::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c07::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a70c2bc728eb261ac55c2ff878249947bcd3a9d8827d94e63fbdd8fe67156986

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Origin: https://realizesolucoesfinanceiras.cfd
Referer: https://fonts.googleapis.com/

Response headers

age: 251126
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 23 Oct 2025 19:13:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 23 Oct 2024 19:13:26 GMT
last-modified: Thu, 01 Aug 2024 20:41:20 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13528
x-xss-protection: 0
server: sffe

GET
H3 404 favicon.ico
realizesolucoesfinanceiras.cfd/ 150 B
787 B 297ms
297ms Other
text/html 2606:4700:3035::6815:66c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://realizesolucoesfinanceiras.cfd/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:66c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer: https://realizesolucoesfinanceiras.cfd/

Response headers

content-encoding: br
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qVuc%2BV%2FSbn%2BE6izyB9J%2Bu5PMSSV%2BWa9qcvm8%2F%2BXrIKnm1bSnlYb8ooV3dtIG32%2BvBn%2BU41Z1yk56VTgfoV4JDKI4WW%2F7MDc2xfktDGLFrIIjj44l2aYcpXQLTBd4yNGnCZ1woSncuB6X0hH0ptXSPcjZk62ijP0PbWsesZ8%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=47730&sent=26&recv=18&lost=0&retrans=0&sent_bytes=14153&recv_bytes=5608&delivery_rate=12562&cwnd=12000&unsent_bytes=0&cid=4c64d143488128d3&ts=2203&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 26 Oct 2024 16:58:53 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
priority: u=1,i
content-security-policy: default-src 'none'
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d8bfe6419686a58-EWR
x-powered-by: Express
server: cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Realize (Financial)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| FingerprintJS

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://realizesolucoesfinanceiras.cfd/cartoes-renner/vectors/whatsapp.svg#whatsapp Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://realizesolucoesfinanceiras.cfd/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
realizesolucoesfinanceiras.cfd
www.realizesolucoesfinanceiras.com.br
200.178.91.198
2606:4700:3035::6815:66c
2607:f8b0:400d:c03::5f
2607:f8b0:400d:c07::5e
2a04:4e42:600::485
0a7fc3de6341e5ab2853f213dbf792903cd35039daa9530a649a20a877ccac8a
13c41526509e4509c9592889adcac4856202c6fce26486e08e6dc179c97316d3
3bb71cec41dd0b3c5782f72d32b1b028fdc9558f0acace778d1a2c312d50f382
3dd08d21a5c010294a50355af3565a50d08ea4aef83e822114be29171209f109
6689e38faae51702e7515f4b04b6af96e27946f6f7f1c7d8fb7228abd2d14233
6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c
7db4ada57262fbacd47bef4e96e3cedda276b9267e6ca4d20adeeb1c24d870b6
86a9e40172ff3386dd13df4b292ea00cc04114bf18dc9c88f431d53cf192e2c6
8827f96ace2afe4aeff4c33db4ac86193f38a62cb30d9fbba949e0b72c2a55ff
8fcb50f17cbe73a347a398c26f1716572dbe499386b3a064a5e5394f49ad31ae
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
a70c2bc728eb261ac55c2ff878249947bcd3a9d8827d94e63fbdd8fe67156986
bf9cfe01317e3758dd38982921dc1f26cc7243237d02e7ed90d3830b6f4e8ed0
ca52b18e849e52ebef1bb8100b191851c64c518c5a0ce635eedfa5e77f497d1c
d62b3a06d96397a70c2c32e65db326dfefaac37e8ac321351008836068a53177
dc51033500b4e6259061737823569a8631993956a85409edc0c8959e5bf9d577
e946d863a136a09089fd275d574ff3346bad8327d4ef378c06af35872d9fe56d

realizesolucoesfinanceiras.cfd Open in urlscan Pro 2606:4700:3035::6815:66c Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

80 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

261 kBTransfer

332 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

realizesolucoesfinanceiras.cfd Open in urlscan Pro
2606:4700:3035::6815:66c Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

261 kB
Transfer

332 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!