payfast.greenn.com.br Open in urlscan Pro
2606:4700:10::6816:3c5a Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://supercombo.isaiassancha.com/
Effective URL:
https://payfast.greenn.com.br/50386/offer/o2jHTn
Submission: On June 01 via api (June 1st 2024, 11:18:23 am UTC) from US — Scanned from DE

Summary HTTP 85 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 10 IPs in 2 countries across 8 domains to perform 85 HTTP transactions. The main IP is 2606:4700:10::6816:3c5a, located in United States and belongs to CLOUDFLARENET, US. The main domain is payfast.greenn.com.br.
TLS certificate: Issued by E1 on May 25th 2024. Valid for: 3 months.

This is the only time payfast.greenn.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Visa (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.185.209.61 192.185.209.61	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1 71	2606:4700:10:... 2606:4700:10::6816:3c5a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	162.243.189.2 162.243.189.2	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2606:4700::68... 2606:4700::6810:4f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
6	2606:4700:10:... 2606:4700:10::ac43:1b1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	3.87.229.10 3.87.229.10	14618 (AMAZON-AES) (AMAZON-AES)
85	10

1 192.185.209.61 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: br168-ip13.hostgator.com.br

supercombo.isaiassancha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

71 2606:4700:10::6816:3c5a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

payfast.greenn.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.243.189.2 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: nyc3.digitaloceanspaces.com

greenn.nyc3.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:10::ac43:1b1f (United States)

ASN13335 (CLOUDFLARENET, US)

apipay.greenn.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.87.229.10 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-87-229-10.compute-1.amazonaws.com

greenn.isaiassancha.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
77	greenn.com.br 1 redirects payfast.greenn.com.br apipay.greenn.com.br	1 MB
3	google.com www.google.com — Cisco Umbrella Rank: 2	947 B
2	gstatic.com fonts.gstatic.com www.gstatic.com	243 KB
1	isaiassancha.com.br greenn.isaiassancha.com.br
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 804	7 KB
1	digitaloceanspaces.com greenn.nyc3.digitaloceanspaces.com	29 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	1 KB
1	isaiassancha.com 1 redirects supercombo.isaiassancha.com	114 B
85	8

	Domain	Requested by
71	payfast.greenn.com.br	1 redirects payfast.greenn.com.br
6	apipay.greenn.com.br	payfast.greenn.com.br
3	www.google.com	payfast.greenn.com.br www.gstatic.com
1	greenn.isaiassancha.com.br	payfast.greenn.com.br
1	www.gstatic.com	www.google.com
1	fonts.gstatic.com	fonts.googleapis.com
1	static.cloudflareinsights.com	payfast.greenn.com.br
1	greenn.nyc3.digitaloceanspaces.com	payfast.greenn.com.br
1	fonts.googleapis.com	payfast.greenn.com.br
1	supercombo.isaiassancha.com	1 redirects
85	10

This site contains links to these domains. Also see Links.

Domain
greenn.com.br
policies.google.com

Subject Issuer	Validity	Valid
payfast.greenn.com.br E1	`2024-05-25` - `2024-08-23`	3 months	crt.sh
upload.video.google.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
*.nyc3.digitaloceanspaces.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-15` - `2025-05-31`	a year	crt.sh
cloudflareinsights.com GTS CA 1P5	`2024-05-08` - `2024-08-06`	3 months	crt.sh
*.gstatic.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
apipay.greenn.com.br E1	`2024-05-25` - `2024-08-23`	3 months	crt.sh
*.google.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
greenn.isaiassancha.com.br ZeroSSL RSA Domain Secure Site CA	`2024-04-11` - `2024-07-10`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://payfast.greenn.com.br/50386/offer/o2jHTn
Frame ID: DFCC80B7C1542D5894D8322BBD7AC84C
Requests: 88 HTTP requests in this frame

Frame: https://payfast.greenn.com.br/cdn-cgi/challenge-platform/h/g/scripts/jsd/26ed7e9dda49/main.js
Frame ID: B7871DDDC28C0113BCCE6BADC78FCEC8
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfdvFocAAAAANnEesyQdg1VuccEk0ZUYzWiqU-W&co=aHR0cHM6Ly9wYXlmYXN0LmdyZWVubi5jb20uYnI6NDQz&hl=de&v=DH3nyJMamEclyfe-nztbfV8S&size=invisible&cb=h7vqz9jz7r6i
Frame ID: 6E90E241E3A08A3B0B730C400A43DC4E
Requests: 1 HTTP requests in this frame

Frame: https://greenn.isaiassancha.com.br/50386?event=view&event_id=edafd2f1-4019-4532-b0b7-106c8f498caf&pixel_id=216084151236466&method=CREDIT_CARD&amount=27&original_amount=27
Frame ID: 77C5B65631F494F770DCC6E33543A933
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=DH3nyJMamEclyfe-nztbfV8S&k=6LfdvFocAAAAANnEesyQdg1VuccEk0ZUYzWiqU-W
Frame ID: EFAB2CA571014C3457B5C1B88B116881
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ACESSO AO SUPER COMBO | Greenn

Page URL History Show full URLs

https://supercombo.isaiassancha.com/ HTTP 301
https://payfast.greenn.com.br/50386/offer/o2jHTn Page URL

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

85
Requests

99 %
HTTPS

70 %
IPv6

8
Domains

10
Subdomains

10
IPs

2
Countries

1498 kB
Transfer

2191 kB
Size

3
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://greenn.com.br/

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://greenn.com.br/termos-de-uso-greenn/
Title: Terms of use.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://supercombo.isaiassancha.com/ HTTP 301
https://payfast.greenn.com.br/50386/offer/o2jHTn Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 79

https://payfast.greenn.com.br/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://payfast.greenn.com.br/cdn-cgi/challenge-platform/h/g/scripts/jsd/26ed7e9dda49/main.js

85 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request o2jHTn Show response
payfast.greenn.com.br/50386/offer/
Redirect Chain

https://supercombo.isaiassancha.com/
https://payfast.greenn.com.br/50386/offer/o2jHTn

111 KB
30 KB

898ms
777ms

Document
text/html

2606:4700:10::6816:3c5a
CLOUDFLARENET

General

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-21 01:19:52	Name: _GRECAPTCHA Value: 09AFsGliIDKvaBDzkRDPMDGRxgmiAH5yd_o0iXBE3fvOzoemL0_Cq3YobgQXZmCCd5UxnXJzaolsA_lg_c5NzRnYM
.greenn.com.br/	1970-01-21 05:46:16	Name: cf_clearance Value: xvfibyR4LYLrCNXElU6HXaGq7C_CRdYOnl0vKV1gZCs-1717240701-1.0.1.1-roeemWes97GH52K8y3nXjQWD9cSkfmCJvyZ81IJsk12MANBD8k5BITGnQsi7DcKIgZKrm1okMvEhH6RLe1dLaA
payfast.greenn.com.br/	1970-01-20 21:00:41	Name: _dd_s Value: logs=1&id=bb289bfb-6f96-4f1c-b10d-0991617807d6&created=1717240698877&expire=1717241598877

Source	Level	URL Text
other	warning	URL: https://payfast.greenn.com.br/50386/offer/o2jHTn Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://payfast.greenn.com.br/50386/offer/o2jHTn Message: Third-party cookie will be blocked. Learn more in the Issues tab.

payfast.greenn.com.br Open in urlscan Pro 2606:4700:10::6816:3c5a Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

85 Requests

99 %HTTPS

70 %IPv6

8 Domains

10 Subdomains

10 IPs

2 Countries

1498 kBTransfer

2191 kBSize

3 Cookies

4 Outgoing links

Page URL History

Redirected requests

85 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

payfast.greenn.com.br Open in urlscan Pro
2606:4700:10::6816:3c5a Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

85
Requests

99 %
HTTPS

70 %
IPv6

8
Domains

10
Subdomains

10
IPs

2
Countries

1498 kB
Transfer

2191 kB
Size

3
Cookies

85 HTTP transactions
11 data transactions