lidereshop.com.br Open in urlscan Pro
108.179.252.94 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://lidereshop.com.br/szp/red/
Submission: On June 10 via api (June 10th 2024, 10:10:24 am UTC) from FI — Scanned from JP

Summary HTTP 1 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 108.179.252.94, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is lidereshop.com.br.
TLS certificate: Issued by R3 on June 1st 2024. Valid for: 3 months.

This is the only time lidereshop.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SAKURA Internet (Online)

Domain & IP information

	IP Address		AS Autonomous System
1	108.179.252.94 108.179.252.94		19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1	2

1 108.179.252.94 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: srv158-ip05.prodns.com.br

lidereshop.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	lidereshop.com.br lidereshop.com.br	50 KB
1	1

	Domain	Requested by
1	lidereshop.com.br
1	1

This site contains no links.

Subject Issuer	Validity	Valid
*.elazz.com.br R3	`2024-06-01` - `2024-08-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://lidereshop.com.br/szp/red/
Frame ID: 074A9BFEEE1E8BEFD38EFFC236B95AB9
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

会員認証｜さくらインターネット

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

50 kB
Transfer

192 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response lidereshop.com.br/szp/red/	189 KB 50 KB	1290ms 298ms	Document text/html	108.179.252.94 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://lidereshop.com.br/szp/red/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 108.179.252.94 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS srv158-ip05.prodns.com.br Software Apache / Resource Hash `1f86ff7828f8609b790ed8c76fb4aa2a71d5642f7800dbe03a223149dd4e9cf9` Request headers Accept-Language ja-JP,ja;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers content-encoding gzip content-type text/html; charset=UTF-8 date Mon, 10 Jun 2024 10:10:19 GMT server Apache vary Accept-Encoding
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d1293448cfd6ca56dc36546c9065dc1b05d2b3e197c5ef8d0e9debcdd14fcda6` Request headers Accept-Language ja-JP,ja;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SAKURA Internet (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| savepage_ShadowLoader

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

17 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=modulepreload> has no `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=modulepreload> has no `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=modulepreload> has no `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=modulepreload> has no `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=modulepreload> has no `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=modulepreload> has no `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=modulepreload> has no `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=modulepreload> has no `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=modulepreload> has no `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=modulepreload> has no `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=modulepreload> has no `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://lidereshop.com.br/szp/red/(Line 4) Message: <link rel=modulepreload> has no `href` value
recommendation	warning	URL: https://lidereshop.com.br/szp/red/ Message: [DOM] Found 2 elements with non-unique id #form_4144111589: (More info: https://goo.gl/9p2vKq) %o %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lidereshop.com.br
108.179.252.94
1f86ff7828f8609b790ed8c76fb4aa2a71d5642f7800dbe03a223149dd4e9cf9
d1293448cfd6ca56dc36546c9065dc1b05d2b3e197c5ef8d0e9debcdd14fcda6

lidereshop.com.br Open in urlscan Pro 108.179.252.94 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

50 kBTransfer

192 kBSize

0 Cookies

0 Outgoing links

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

17 Console Messages

Indicators

lidereshop.com.br Open in urlscan Pro
108.179.252.94 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

50 kB
Transfer

192 kB
Size

0
Cookies

1 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!