![](/screenshots/aba46a19-4b65-4451-abe9-9e30bea19249.png)
merityae.com
Open in
urlscan Pro
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Effective URL: https://merityae.com/sf/tpl9/?logo=carrefour&item=3MS&click_id=38174b57-a20d-4aa4-9a0e-054727d2a07e&pub_id=6JQX_474265
Submission: On May 08 via manual from ES — Scanned from ES
Summary
TLS certificate: Issued by GTS CA 1P5 on May 3rd 2023. Valid for: 3 months.
This is the only time merityae.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2606:4700::68... 2606:4700::6811:ce4f | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 172.107.178.178 172.107.178.178 | 40676 (AS40676) (AS40676) | |
1 2 | 5.34.178.65 5.34.178.65 | 204957 (GREENFLOI...) (GREENFLOID-AS) | |
2 19 | 2a06:98c1:312... 2a06:98c1:3120::3 | () () | |
1 | 2606:4700::68... 2606:4700::6812:1634 | () () | |
3 | 2606:4700:e0:... 2606:4700:e0::ac40:640a | () () | |
1 | 2a00:1450:400... 2a00:1450:4001:80e::200a | () () | |
1 | 2606:4700:303... 2606:4700:3037::6815:4392 | () () | |
30 | 9 |
ASN40676 (AS40676, US)
PTR: e1.scientificmedjrnl.biz
camanie.com |
ASN204957 (GREENFLOID-AS, US)
PTR: vps.hostry.com
nurteruoir.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
merityae.com
2 redirects
merityae.com beacon.merityae.com Failed |
473 KB |
4 |
fontawesome.com
kit.fontawesome.com ka-f.fontawesome.com |
23 KB |
2 |
nurteruoir.com
1 redirects
nurteruoir.com |
2 KB |
1 |
virtualpushplatform.com
virtualpushplatform.com |
5 KB |
1 |
googleapis.com
fonts.googleapis.com |
849 B |
1 |
camanie.com
camanie.com |
437 B |
1 |
groovesell.com
tracking.groovesell.com |
702 B |
0 |
pushserve.xyz
Failed
pushserve.xyz Failed |
|
30 | 8 |
Domain | Requested by | |
---|---|---|
19 | merityae.com |
2 redirects
nurteruoir.com
merityae.com |
3 | ka-f.fontawesome.com |
kit.fontawesome.com
|
2 | nurteruoir.com |
1 redirects
camanie.com
|
1 | virtualpushplatform.com |
merityae.com
|
1 | fonts.googleapis.com |
merityae.com
|
1 | kit.fontawesome.com |
merityae.com
|
1 | camanie.com |
tracking.groovesell.com
|
1 | tracking.groovesell.com | |
0 | pushserve.xyz Failed |
virtualpushplatform.com
|
0 | beacon.merityae.com Failed |
merityae.com
|
30 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-04-21 - 2024-04-20 |
a year | crt.sh |
camanie.com Sectigo RSA Domain Validation Secure Server CA |
2022-12-16 - 2023-12-16 |
a year | crt.sh |
nurteruoir.com R3 |
2023-03-18 - 2023-06-16 |
3 months | crt.sh |
merityae.com GTS CA 1P5 |
2023-05-03 - 2023-08-01 |
3 months | crt.sh |
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-11-22 - 2023-12-23 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-04-17 - 2023-07-10 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://merityae.com/sf/tpl9/?logo=carrefour&item=3MS&click_id=38174b57-a20d-4aa4-9a0e-054727d2a07e&pub_id=6JQX_474265
Frame ID: 42A3E67CB9B2D03CB864A63AF8BE4F91
Requests: 29 HTTP requests in this frame
Screenshot
![](/screenshots/aba46a19-4b65-4451-abe9-9e30bea19249.png)
Page URL History Show full URLs
- https://tracking.groovesell.com/t/f03ee7a084713c183bc3839092034c51 Page URL
- https://camanie.com/101198532b089255b09 Page URL
- https://nurteruoir.com/r/e1f4ca9a-20f1-4dda-a8dd-854448a865cb/474265/1368195939/ Page URL
-
https://nurteruoir.com/r2/e1f4ca9a-20f1-4dda-a8dd-854448a865cb/474265/1368195939//38174b57-a20d-4aa...
HTTP 302
https://merityae.com/sf/tpl9?logo=carrefour&item=3MS&click_id=38174b57-a20d-4aa4-9a0e-054727d2a07... HTTP 301
http://merityae.com/sf/tpl9/?logo=carrefour&item=3MS&click_id=38174b57-a20d-4aa4-9a0e-054727d2a0... HTTP 301
https://merityae.com/sf/tpl9/?logo=carrefour&item=3MS&click_id=38174b57-a20d-4aa4-9a0e-054727d2a0... Page URL
Detected technologies
![](/vendor/wappa/icons/Font Awesome.png)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://tracking.groovesell.com/t/f03ee7a084713c183bc3839092034c51 Page URL
- https://camanie.com/101198532b089255b09 Page URL
- https://nurteruoir.com/r/e1f4ca9a-20f1-4dda-a8dd-854448a865cb/474265/1368195939/ Page URL
-
https://nurteruoir.com/r2/e1f4ca9a-20f1-4dda-a8dd-854448a865cb/474265/1368195939//38174b57-a20d-4aa4-9a0e-054727d2a07e/?red_param_1=https%3A%2F%2Fcamanie.com%2F&fctr=0
HTTP 302
https://merityae.com/sf/tpl9?logo=carrefour&item=3MS&click_id=38174b57-a20d-4aa4-9a0e-054727d2a07e&pub_id=6JQX_474265 HTTP 301
http://merityae.com/sf/tpl9/?logo=carrefour&item=3MS&click_id=38174b57-a20d-4aa4-9a0e-054727d2a07e&pub_id=6JQX_474265 HTTP 301
https://merityae.com/sf/tpl9/?logo=carrefour&item=3MS&click_id=38174b57-a20d-4aa4-9a0e-054727d2a07e&pub_id=6JQX_474265 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
30 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
f03ee7a084713c183bc3839092034c51
tracking.groovesell.com/t/ |
365 B 702 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
101198532b089255b09
camanie.com/ |
143 B 437 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
nurteruoir.com/r/e1f4ca9a-20f1-4dda-a8dd-854448a865cb/474265/1368195939/ |
737 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
merityae.com/sf/tpl9/ Redirect Chain
|
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
268a7048dd.js
kit.fontawesome.com/ |
11 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bundle.337ccbf727aa7d1caec1.css
merityae.com/sf/tpl9/ |
2 MB 180 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-3.png
merityae.com/sf/tpl9/public/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
like.png
merityae.com/sf/tpl9/public/ |
466 B 985 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-4.png
merityae.com/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-5.png
merityae.com/sf/tpl9/public/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-6.png
merityae.com/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-7.png
merityae.com/sf/tpl9/public/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-8.png
merityae.com/sf/tpl9/public/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-9.png
merityae.com/sf/tpl9/public/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-10.png
merityae.com/sf/tpl9/public/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-11.png
merityae.com/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-12.png
merityae.com/sf/tpl9/public/ |
875 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
11.1833cbe3.chunk.js
merityae.com/sf/tpl9/js/ |
360 KB 118 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app.d5206265.js
merityae.com/sf/tpl9/js/ |
696 KB 128 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
59 KB 13 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
26 KB 4 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
3 KB 2 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
2 KB 849 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ace-push.js
virtualpushplatform.com/ |
14 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
summary
beacon.merityae.com/geo/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
carrefour.png
merityae.com/sf/tpl9/public/carrefour/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cart.png
merityae.com/sf/tpl9/public/carrefour/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
915a650e-17d2-45ba-8c6a-52924abd931a
beacon.merityae.com/g2/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS |
visit
pushserve.xyz/api/v1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
visit
pushserve.xyz/api/v1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- beacon.merityae.com
- URL
- https://beacon.merityae.com/geo/summary
- Domain
- beacon.merityae.com
- URL
- https://beacon.merityae.com/g2/915a650e-17d2-45ba-8c6a-52924abd931a?logo=carrefour&click_id=38174b57-a20d-4aa4-9a0e-054727d2a07e&item=3MS&logo=carrefour&pub_id=6JQX_474265
- Domain
- pushserve.xyz
- URL
- https://pushserve.xyz/api/v1/visit
- Domain
- pushserve.xyz
- URL
- https://pushserve.xyz/api/v1/visit
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.groovesell.com/ | Name: gd_tracker Value: YToxOntpOjA7aToxMjQ0Mjt9 |
|
.groovesell.com/ | Name: gd_tracker_sessions Value: YToxOntpOjA7aTo2OTEzMTc2O30%3D |
|
camanie.com/ | Name: uid21587 Value: 1368195939-20230508045313-3cf2da073bd7303d59d324184d9e6b74- |
|
.nurteruoir.com/ | Name: f692b97a-0855-46d5-8382-127fdfb78c38-check Value: 38174b57-a20d-4aa4-9a0e-054727d2a07e |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
beacon.merityae.com
camanie.com
fonts.googleapis.com
ka-f.fontawesome.com
kit.fontawesome.com
merityae.com
nurteruoir.com
pushserve.xyz
tracking.groovesell.com
virtualpushplatform.com
beacon.merityae.com
pushserve.xyz
172.107.178.178
2606:4700:3037::6815:4392
2606:4700::6811:ce4f
2606:4700::6812:1634
2606:4700:e0::ac40:640a
2a00:1450:4001:80e::200a
2a06:98c1:3120::3
5.34.178.65
01ff0a6dfebce308d517e495941065eb38cc8b37a7b2bf67df272aea25f69c40
04d016e1288eebf83358fe70984175bc7d0e2fe9f21824b25d2a57118f527b98
0ca3bcdc244a011cff113f873678ee9de68479a7f6c7f360b171c3edbc96dd1a
0cee972f52f443216ed569505738e89b08925201f31b5d7a51783ee9a0dcc785
1649696ada40338ba30102d7968f7e52199053d286c54839a423baa33153ba3e
182600ef12499261e2e971331530eb1caacd6c2106c4c864d158ac9c4a9a2327
18f551911c68e079ef629648f47ad743c99d47e9d5c0d5a475c7392a1f0ab248
4ba90609efbf3e11565b8b9005e57d80f53a8837ce693c9023ccb0626461d212
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
73cb358bf47ed149f8fd7e3eada678166cfab77538c313ba72cb6e38d13253fa
7adac1888791ad42f547c97c9c9dad37faee15dfb5e76f20eabc8a0a0b6168e9
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
8151c4abb06d291b0635c7cdbae4d7c635dded5798a843012decb5080205fe78
845a5200eb01a02833e74b09ab84d6ec2aab5ee16211ee1a31b7eb6a4bb61ecc
9b17d1bc53a49edcab5f29c232dde056d8ad18b6c948ad908134b64130eb2606
a7cb50e526f2f5cf968b2c3e9da6daa07d0b0fc7176c6c453610f35731236451
adf6f7ba0f07beab1b06cdc7153218c3bd1e2757b1a7aaeebf0d06e35bdd1247
b0c40a3ef77aea7e48c710fa701af1d074224846ebf30cd9d82b7596c15da2c1
bb8d9fe1718225052c47fc8f832a056923b0b988e141e27591ecea99756f34b0
d02cabba45f295ece38d60d4b176fee816d969ee29865ee606b37ad8285f81e1
f07c612fae4277debbe7cadc74699fefda0b713be4e06f97ae97c3be9ad4fe83
fba1dafda080b2bf2c0074fc8eb29203c48f2afa916065df41a0a76e48f63987
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda