draivanilda.com.br Open in urlscan Pro
162.241.134.106 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://draivanilda.com.br/fedwire/
Effective URL:
https://draivanilda.com.br/fedwire/home/?sslchannel=true&sessionid=9Rx3xF9Kq0H5tD99e1lDoDnGuhySedhn5PqCuAnVB405IaeXcAAAdYhI...
Submission: On March 10 via manual (March 10th 2020, 2:06:54 am UTC) from IN

Summary HTTP 90 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 90 HTTP transactions. The main IP is 162.241.134.106, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is draivanilda.com.br.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 8th 2020. Valid for: 3 months.

This is the only time draivanilda.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Standard Bank (Banking) Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
56	162.241.134.106 162.241.134.106	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
24	196.8.110.47 196.8.110.47	10798 (SBICSA) (SBICSA)
1	2620:0:862:ed... 2620:0:862:ed1a::2:b	14907 (WIKIMEDIA) (WIKIMEDIA)
1	158.58.181.221 158.58.181.221	39605 (IGUANESOL...) (IGUANESOLUTIONS)
2	2a00:1450:400... 2a00:1450:4001:815::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
90	7

56 162.241.134.106 (Provo, United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: vps-3876664.zigcreative.com.br

draivanilda.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 196.8.110.47 (South Africa)

ASN10798 (SBICSA, ZA)

onlinebanking.standardbank.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:0:862:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.58.181.221 (Paris, France)

ASN39605 (IGUANESOLUTIONS, FR)
PTR: nmd-frontvip-01.ig-1.net

www.itespresso.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	draivanilda.com.br draivanilda.com.br	1 MB
24	standardbank.co.za onlinebanking.standardbank.co.za	768 KB
4	google-analytics.com www.google-analytics.com	36 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	itespresso.fr www.itespresso.fr	11 KB
1	wikimedia.org upload.wikimedia.org	7 KB
90	6

	Domain	Requested by
56	draivanilda.com.br	draivanilda.com.br
24	onlinebanking.standardbank.co.za	draivanilda.com.br
4	www.google-analytics.com	draivanilda.com.br
2	fonts.googleapis.com	draivanilda.com.br
1	www.itespresso.fr	draivanilda.com.br
1	upload.wikimedia.org	draivanilda.com.br
90	6

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
onlinebanking.standardbank.co.za

Subject Issuer	Validity	Valid
draivanilda.com.br Let's Encrypt Authority X3	`2020-03-08` - `2020-06-06`	3 months	crt.sh
onlinebanking.standardbank.co.za DigiCert SHA2 Secure Server CA	`2019-08-06` - `2020-08-06`	a year	crt.sh
*.wikipedia.org DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-10-06`	a year	crt.sh
*.itespresso.fr Gandi Standard SSL CA 2	`2018-04-18` - `2020-04-18`	2 years	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-02-25` - `2020-05-19`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://draivanilda.com.br/fedwire/home/?sslchannel=true&sessionid=9Rx3xF9Kq0H5tD99e1lDoDnGuhySedhn5PqCuAnVB405IaeXcAAAdYhIgPBu3SS9IjLdU88vd9AVkPSx
Frame ID: 7513A6D3CE37B810DD9AE05742BFB0BF
Requests: 38 HTTP requests in this frame

Frame: https://draivanilda.com.br/fedwire/home/home_data/dest5.html
Frame ID: 58D382AABBC7C2F596D2FADB703BE7D4
Requests: 26 HTTP requests in this frame

Frame: https://draivanilda.com.br/fedwire/home/home_data/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Frame ID: 647F4879B151303BDC87F35D6A7999F8
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://draivanilda.com.br/fedwire/ Page URL
https://draivanilda.com.br/fedwire/home/?sslchannel=true&sessionid=9Rx3xF9Kq0H5tD99e1lDoDnGuhySedhn5PqC... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

90
Requests

98 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

4
Countries

1954 kB
Transfer

10102 kB
Size

3
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.microsoft.com/en-us/servicesagreement
Title: T&C's

Search URL Search Domain Scan URL

URL: https://onlinebanking.standardbank.co.za/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://draivanilda.com.br/fedwire/ Page URL
https://draivanilda.com.br/fedwire/home/?sslchannel=true&sessionid=9Rx3xF9Kq0H5tD99e1lDoDnGuhySedhn5PqCuAnVB405IaeXcAAAdYhIgPBu3SS9IjLdU88vd9AVkPSx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

90 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
draivanilda.com.br/fedwire/ 201 B
408 B 811ms
381ms Document
text/html 162.241.134.106
UNIFIEDLAYER-AS-1

General

Domain/Path	Expires	Name / Value
.draivanilda.com.br/	1970-01-19 07:58:12	Name: _gid Value: GA1.3.1783805488.1583805997
.draivanilda.com.br/	1970-01-20 01:27:57	Name: _ga Value: GA1.3.313297925.1583805997
.draivanilda.com.br/	1970-01-19 07:56:46	Name: _gat Value: 1

Source	Level	URL Text
console-api	log	URL: https://draivanilda.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://draivanilda.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1

draivanilda.com.br Open in urlscan Pro 162.241.134.106 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

90 Requests

98 %HTTPS

50 %IPv6

6 Domains

6 Subdomains

7 IPs

4 Countries

1954 kBTransfer

10102 kBSize

3 Cookies

2 Outgoing links

Page URL History

Redirected requests

90 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

draivanilda.com.br Open in urlscan Pro
162.241.134.106 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

90
Requests

98 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

4
Countries

1954 kB
Transfer

10102 kB
Size

3
Cookies

90 HTTP transactions
0 data transactions