www10-sfert0ferttasd0dia.com Open in urlscan Pro
35.192.202.234 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/?cart=NjEwNjUxOTM4
Submission: On February 18 via manual (February 18th 2020, 4:31:34 pm UTC) from BR

Summary HTTP 138 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 9 domains to perform 138 HTTP transactions. The main IP is 35.192.202.234, located in United States and belongs to GOOGLE, US. The main domain is www10-sfert0ferttasd0dia.com.

This is the only time www10-sfert0ferttasd0dia.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lojas Americanas (Retail)

Domain & IP information

	IP Address	AS Autonomous System
116	35.192.202.234 35.192.202.234	15169 (GOOGLE) (GOOGLE)
4	92.122.254.10 92.122.254.10	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:26f0:10c... 2a02:26f0:10c:38a::19fe	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	13.35.253.25 13.35.253.25	16509 (AMAZON-02) (AMAZON-02)
2	18.215.35.124 18.215.35.124	14618 (AMAZON-AES) (AMAZON-AES)
1 3	13.35.253.57 13.35.253.57	16509 (AMAZON-02) (AMAZON-02)
2 2	172.217.16.134 172.217.16.134	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	151.101.14.110 151.101.14.110	54113 (FASTLY) (FASTLY)
1	54.91.24.155 54.91.24.155	14618 (AMAZON-AES) (AMAZON-AES)
1 2	162.247.242.21 162.247.242.21	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
5	100.24.81.90 100.24.81.90	14618 (AMAZON-AES) (AMAZON-AES)
138	13

116 35.192.202.234 (United States)

ASN15169 (GOOGLE, US)
PTR: 234.202.192.35.bc.googleusercontent.com

www10-sfert0ferttasd0dia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 92.122.254.10 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-254-10.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:38a::19fe (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

images-americanas.b2w.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.25 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-25.fra6.r.cloudfront.net

ed925ef03c80.cdn4.forter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.215.35.124 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-215-35-124.compute-1.amazonaws.com

cdn3.forter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.35.253.57 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-57.fra6.r.cloudfront.net

cdn9.forter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.134 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f134.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.91.24.155 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-91-24-155.compute-1.amazonaws.com

a5ac75563dac4793afa1bfd767945e17-ed925ef03c80.cdn.forter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.242.21 (San Francisco, United States) 1 redirects

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-9.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 100.24.81.90 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-81-90.compute-1.amazonaws.com

cdn0.forter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
116	www10-sfert0ferttasd0dia.com www10-sfert0ferttasd0dia.com	825 KB
12	forter.com 1 redirects ed925ef03c80.cdn4.forter.com cdn3.forter.com cdn9.forter.com a5ac75563dac4793afa1bfd767945e17-ed925ef03c80.cdn.forter.com cdn0.forter.com	57 KB
4	adobedtm.com assets.adobedtm.com	69 KB
2	nr-data.net 1 redirects bam.nr-data.net	885 B
2	doubleclick.net 2 redirects ad.doubleclick.net	1 KB
1	newrelic.com js-agent.newrelic.com	9 KB
1	google.com adservice.google.com	109 B
1	jquery.com code.jquery.com	24 KB
1	b2w.io images-americanas.b2w.io	284 KB
138	9

	Domain	Requested by
116	www10-sfert0ferttasd0dia.com	www10-sfert0ferttasd0dia.com
5	cdn0.forter.com	www10-sfert0ferttasd0dia.com
4	assets.adobedtm.com	www10-sfert0ferttasd0dia.com assets.adobedtm.com
3	cdn9.forter.com	1 redirects www10-sfert0ferttasd0dia.com
2	bam.nr-data.net	1 redirects
2	ad.doubleclick.net	2 redirects
2	cdn3.forter.com
1	a5ac75563dac4793afa1bfd767945e17-ed925ef03c80.cdn.forter.com
1	js-agent.newrelic.com	www10-sfert0ferttasd0dia.com
1	adservice.google.com	www10-sfert0ferttasd0dia.com
1	ed925ef03c80.cdn4.forter.com	assets.adobedtm.com
1	code.jquery.com	www10-sfert0ferttasd0dia.com
1	images-americanas.b2w.io	www10-sfert0ferttasd0dia.com
138	13

This site contains links to these domains. Also see Links.

Domain
www.americanas.com.br
sacola.americanas.com.br
cliente.americanas.com.br
minhaconta.americanas.com.br

Subject Issuer	Validity	Valid
b2wdigital.com DigiCert SHA2 Secure Server CA	`2019-12-12` - `2021-03-12`	a year	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
*.cdn4.forter.com DigiCert SHA2 Secure Server CA	`2018-08-27` - `2020-10-27`	2 years	crt.sh
cdn3.forter.com DigiCert SHA2 Secure Server CA	`2019-03-24` - `2021-06-16`	2 years	crt.sh
cdn9.forter.com Amazon	`2019-06-25` - `2020-07-25`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
*.cdn.forter.com DigiCert SHA2 Secure Server CA	`2018-04-11` - `2020-06-19`	2 years	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
cdn0.forter.com DigiCert SHA2 Secure Server CA	`2019-03-11` - `2021-05-14`	2 years	crt.sh

This page contains 12 frames:

Primary Page: http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/?cart=NjEwNjUxOTM4
Frame ID: 4CB9E1680C6A7D82FD06676FF88B0C5E
Requests: 35 HTTP requests in this frame

Frame: http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/shopping_files/cage-2.0.1(1).html
Frame ID: 306798997C2F1130C41FCB61D7CED591
Requests: 44 HTTP requests in this frame

Frame: http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/shopping_files/cage-2.0.1(2).html
Frame ID: 4CEF47690F08F02745D10EC751364800
Requests: 31 HTTP requests in this frame

Frame: http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/shopping_files/cage-2.0.1(3).html
Frame ID: 6EC3465484473C72F31D166EEFF3DD64
Requests: 8 HTTP requests in this frame

Frame: http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/shopping_files/cage-2.0.1(4).html
Frame ID: 93276B1E68A27B0AE855088201B0B425
Requests: 3 HTTP requests in this frame

Frame: http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/shopping_files/dest5.html
Frame ID: B87FE93D28B721CDCE779030551C8599
Requests: 1 HTTP requests in this frame

Frame: http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/shopping_files/cage-2.0.1(5).html
Frame ID: 458D3E3FF1B154CB2F26B21E15F2C56E
Requests: 2 HTTP requests in this frame

Frame: http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/shopping_files/DirectNewRtg.html
Frame ID: 061F129A2DE061ACA382F3150A265813
Requests: 5 HTTP requests in this frame

Frame: http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/shopping_files/UCookieSetPug.html
Frame ID: 1AD3A8484208A03EA7B483FA699177E9
Requests: 1 HTTP requests in this frame

Frame: http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/shopping_files/pixel.html
Frame ID: 84E9BC112381A29A4BD21A0A166C0A89
Requests: 2 HTTP requests in this frame

Frame: http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/shopping_files/saved_resource.html
Frame ID: 20E0D28FCC95F0C8B307855AEE445904
Requests: 4 HTTP requests in this frame

Frame: http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/shopping_files/fp.html
Frame ID: F68FBC4C02246C72D0D4D6FFF47905A8
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Win32|Win64/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

138
Requests

11 %
HTTPS

23 %
IPv6

9
Domains

13
Subdomains

13
IPs

4
Countries

1268 kB
Transfer

1544 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.americanas.com.br/
Title: Americanas.com

Search URL Search Domain Scan URL

URL: https://sacola.americanas.com.br/simple-basket/?cartId=56a09391-4409-4e4e-adf5-cf3b0a0a1e69
Title: Cancelar Cancelar

Search URL Search Domain Scan URL

URL: https://cliente.americanas.com.br/simple-login/?next=https%3A%2F%2Fsacola.americanas.com.br%2Fsimple-basket%2F%3FcartId%3D56a09391-4409-4e4e-adf5-cf3b0a0a1e69
Title: Entrar

Search URL Search Domain Scan URL

URL: https://cliente.americanas.com.br/simple-login/cadastro/pf?next=https%3A%2F%2Fsacola.americanas.com.br%2Fsimple-basket%2F%3FcartId%3D56a09391-4409-4e4e-adf5-cf3b0a0a1e69
Title: Cliente novo? Cadastrar

Search URL Search Domain Scan URL

URL: https://minhaconta.americanas.com.br/#/account/home
Title: Minha conta

Search URL Search Domain Scan URL

URL: https://minhaconta.americanas.com.br/#/orders/home
Title: Meus pedidos

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 81

https://cdn9.forter.com/vchk2 HTTP 301
https://cdn9.forter.com/vchk2/v1/2fba0bc83b4f297d3e70e34918a90fbca1e5cf0a7cde1262bee1685bba91c313ac7f48c6611753e4ddf74dd1aa77

Request Chain 126

https://ad.doubleclick.net/ddm/activity/src=4953818;type=acom_0;cat=carri0;u1=carrinho;u2=Fritadeira%20El%C3%A9trica%20Sem%20%C3%93leo%20-%20Air%20Fryer%20Mondial%20AF-25%20Family%20Inox%20II%204%20L%20Preta%20com%20Timer%20127V%7CJogo%20de%20Panelas%205%20pe%C3%A7as%20Antiaderente%20Vermelha%20+%20Kit%20Tigelas%206%20Pe%C3%A7as%20Vermelho%20+%20Utens%C3%ADlios%204%20Pe%C3%A7as%20Vermelho;u3=133659765%7C134341855;u4=249.99%7C159.99;u5=204;u6=10009105%7C10000058;u8=20004416%7C20002803;u9=;u11=;u12=2;u13=409.98;u15=sacola.americanas.com.br/simple-basket/;ord=5954766671104.896 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=4953818;dc_pre=COu-6ZvD2-cCFZbydwodNIsLDg;type=acom_0;cat=carri0;u1=carrinho;u2=Fritadeira%20El%C3%A9trica%20Sem%20%C3%93leo%20-%20Air%20Fryer%20Mondial%20AF-25%20Family%20Inox%20II%204%20L%20Preta%20com%20Timer%20127V%7CJogo%20de%20Panelas%205%20pe%C3%A7as%20Antiaderente%20Vermelha%20+%20Kit%20Tigelas%206%20Pe%C3%A7as%20Vermelho%20+%20Utens%C3%ADlios%204%20Pe%C3%A7as%20Vermelho;u3=133659765%7C134341855;u4=249.99%7C159.99;u5=204;u6=10009105%7C10000058;u8=20004416%7C20002803;u9=;u11=;u12=2;u13=409.98;u15=sacola.americanas.com.br/simple-basket/;ord=5954766671104.896 HTTP 302
https://adservice.google.com/ddm/fls/z/src=4953818;dc_pre=COu-6ZvD2-cCFZbydwodNIsLDg;type=acom_0;cat=carri0;u1=carrinho;u2=Fritadeira%20El%C3%A9trica%20Sem%20%C3%93leo%20-%20Air%20Fryer%20Mondial%20AF-25%20Family%20Inox%20II%204%20L%20Preta%20com%20Timer%20127V%7CJogo%20de%20Panelas%205%20pe%C3%A7as%20Antiaderente%20Vermelha%20+%20Kit%20Tigelas%206%20Pe%C3%A7as%20Vermelho%20+%20Utens%C3%ADlios%204%20Pe%C3%A7as%20Vermelho;u3=133659765%7C134341855;u4=249.99%7C159.99;u5=204;u6=10009105%7C10000058;u8=20004416%7C20002803;u9=;u11=;u12=2;u13=409.98;u15=sacola.americanas.com.br/simple-basket/;ord=5954766671104.896

Request Chain 130

http://bam.nr-data.net/1/0699e41a46?a=26465470&sa=1&v=974.7d740e1&t=Unnamed%20Transaction&rst=5105&ref=http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/&be=752&fe=4286&dc=989&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1582043472508,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:229,%22c%22:229,%22ce%22:242,%22rq%22:242,%22rp%22:500,%22rpe%22:835,%22dl%22:501,%22di%22:1741,%22ds%22:1741,%22de%22:1743,%22dc%22:5038,%22l%22:5038,%22le%22:5039%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken HTTP 302
https://bam.nr-data.net/1/0699e41a46?a=26465470&sa=1&v=974.7d740e1&t=Unnamed%20Transaction&rst=5105&ref=http://www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/&be=752&fe=4286&dc=989&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1582043472508,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:229,%22c%22:229,%22ce%22:242,%22rq%22:242,%22rp%22:500,%22rpe%22:835,%22dl%22:501,%22di%22:1741,%22ds%22:1741,%22de%22:1743,%22dc%22:5038,%22l%22:5038,%22le%22:5039%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken

138 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www10-sfert0ferttasd0dia.com/7be48e5b917439b43705842063bd6b493/shopp/ 155 KB
156 KB 499ms
257ms Document
text/html 35.192.202.234
GOOGLE

General

www10-sfert0ferttasd0dia.com Open in urlscan Pro 35.192.202.234 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

138 Requests

11 %HTTPS

23 %IPv6

9 Domains

13 Subdomains

13 IPs

4 Countries

1268 kBTransfer

1544 kBSize

0 Cookies

6 Outgoing links

Redirected requests

138 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www10-sfert0ferttasd0dia.com Open in urlscan Pro
35.192.202.234 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

138
Requests

11 %
HTTPS

23 %
IPv6

9
Domains

13
Subdomains

13
IPs

4
Countries

1268 kB
Transfer

1544 kB
Size

0
Cookies

138 HTTP transactions
0 data transactions