llantasmex.com Open in urlscan Pro
67.227.237.12 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://llantasmex.com/ZW55LzFqMzAySzFDNk42VTR3
Submission: On November 14 via manual (November 14th 2022, 7:56:21 pm UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 67.227.237.12, located in United States and belongs to LIQUIDWEB, US. The main domain is llantasmex.com.
TLS certificate: Issued by RapidSSL Global TLS RSA4096 SHA256 20... on June 27th 2022. Valid for: a year.

This is the only time llantasmex.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1	67.227.237.12 67.227.237.12	32244 (LIQUIDWEB) (LIQUIDWEB)
7	87.98.231.4 87.98.231.4	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
14	4

1 67.227.237.12 (United States)

ASN32244 (LIQUIDWEB, US)
PTR: servidor2263.el.controladordns.com

llantasmex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 87.98.231.4 (Cornellà de Llobregat, Spain)

ASN16276 (OVH, FR)
PTR: cluster003.ovh.net

tallersllanoscar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	tallersllanoscar.com tallersllanoscar.com	163 KB
5	gstatic.com fonts.gstatic.com	78 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	1 KB
1	llantasmex.com llantasmex.com	392 B
14	4

	Domain	Requested by
7	tallersllanoscar.com	llantasmex.com tallersllanoscar.com
5	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	tallersllanoscar.com
1	llantasmex.com
14	4

This site contains no links.

Subject Issuer	Validity	Valid
llantasmex.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-06-27` - `2023-06-27`	a year	crt.sh
tallersllanoscar.com R3	`2022-09-03` - `2022-12-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://llantasmex.com/ZW55LzFqMzAySzFDNk42VTR3
Frame ID: DA22E46C69DBC1B50929FAB119B84A99
Requests: 1 HTTP requests in this frame

Frame: https://tallersllanoscar.com/oxy/eny/1j302K1C6N6U4w
Frame ID: B63F69DD4CC68FE83468150671F63929
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

14
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

243 kB
Transfer

882 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request ZW55LzFqMzAySzFDNk42VTR3 Show response
llantasmex.com/ 333 B
392 B 699ms
131ms Document
text/html 67.227.237.12
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://llantasmex.com/ZW55LzFqMzAySzFDNk42VTR3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.227.237.12 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: servidor2263.el.controladordns.com
Software: Apache /
Resource Hash: 55fdfca7407a267db53cd055bff81aa6f508b18037c488630c6c98a8245dc2ce

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=31536000
content-encoding: gzip
content-length: 250
content-type: text/html; charset=UTF-8
date: Mon, 14 Nov 2022 19:56:16 GMT
expires: Tue, 14 Nov 2023 19:56:16 GMT
server: Apache
vary: Accept-Encoding,User-Agent

GET
H2 200 1j302K1C6N6U4w Show response
tallersllanoscar.com/oxy/eny/ Frame B63F 678 B
528 B 94ms
24ms Document
text/html 87.98.231.4
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://tallersllanoscar.com/oxy/eny/1j302K1C6N6U4w
Requested by: Host: llantasmex.com
URL: https://llantasmex.com/ZW55LzFqMzAySzFDNk42VTR3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.98.231.4 Cornellà de Llobregat, Spain, ASN16276 (OVH, FR),
Reverse DNS: cluster003.ovh.net
Software: Apache /
Resource Hash: 3c47198a8a0e78dbff634b6b39b99a291eca3956a02f62a88e464d1bc98c9926

Request headers

Referer: https://llantasmex.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 397
content-type: text/html
date: Mon, 14 Nov 2022 19:56:16 GMT
server: Apache
vary: Accept-Encoding

GET
H2 200 chunk-vendors.d2077d37.js Show response
tallersllanoscar.com/oxy/js/ Frame B63F 212 KB
73 KB 30ms
30ms Script
application/javascript 87.98.231.4
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://tallersllanoscar.com/oxy/js/chunk-vendors.d2077d37.js
Requested by: Host: tallersllanoscar.com
URL: https://tallersllanoscar.com/oxy/eny/1j302K1C6N6U4w
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.98.231.4 Cornellà de Llobregat, Spain, ASN16276 (OVH, FR),
Reverse DNS: cluster003.ovh.net
Software: Apache /
Resource Hash: 511bae084c401becdb78b70cfc583083707214645970ef00482c2ebb9b7ed3ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tallersllanoscar.com/oxy/eny/1j302K1C6N6U4w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 14 Nov 2022 19:56:16 GMT
content-encoding: gzip
last-modified: Sat, 01 Oct 2022 13:59:45 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
expires: Mon, 14 Nov 2022 20:11:16 GMT

GET
H2 200 app.d8fdaf71.js Show response
tallersllanoscar.com/oxy/js/ Frame B63F 9 KB
4 KB 24ms
24ms Script
application/javascript 87.98.231.4
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://tallersllanoscar.com/oxy/js/app.d8fdaf71.js
Requested by: Host: tallersllanoscar.com
URL: https://tallersllanoscar.com/oxy/eny/1j302K1C6N6U4w
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.98.231.4 Cornellà de Llobregat, Spain, ASN16276 (OVH, FR),
Reverse DNS: cluster003.ovh.net
Software: Apache /
Resource Hash: 92daf760785dafff57b6b2025d58d9b00ff5b26066838f5ebb07c1dbe43fe326

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tallersllanoscar.com/oxy/eny/1j302K1C6N6U4w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 14 Nov 2022 19:56:16 GMT
content-encoding: gzip
last-modified: Sat, 01 Oct 2022 13:59:45 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 3740
expires: Mon, 14 Nov 2022 20:11:16 GMT

GET
H2 200 chunk-vendors.229effd9.css
tallersllanoscar.com/oxy/css/ Frame B63F 558 KB
80 KB 77ms
76ms Stylesheet
text/css 87.98.231.4
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://tallersllanoscar.com/oxy/css/chunk-vendors.229effd9.css
Requested by: Host: tallersllanoscar.com
URL: https://tallersllanoscar.com/oxy/eny/1j302K1C6N6U4w
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.98.231.4 Cornellà de Llobregat, Spain, ASN16276 (OVH, FR),
Reverse DNS: cluster003.ovh.net
Software: Apache /
Resource Hash: 54ad4a660adf462a53c4d369dd5560892c8cbf45af9d570c03094a6cf13dc0fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tallersllanoscar.com/oxy/eny/1j302K1C6N6U4w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 14 Nov 2022 19:56:16 GMT
content-encoding: gzip
last-modified: Sat, 01 Oct 2022 13:59:45 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=900
accept-ranges: bytes
expires: Mon, 14 Nov 2022 20:11:16 GMT

GET
H2 200 app.e4f40411.css
tallersllanoscar.com/oxy/css/ Frame B63F 201 B
366 B 24ms
24ms Stylesheet
text/css 87.98.231.4
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://tallersllanoscar.com/oxy/css/app.e4f40411.css
Requested by: Host: tallersllanoscar.com
URL: https://tallersllanoscar.com/oxy/eny/1j302K1C6N6U4w
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.98.231.4 Cornellà de Llobregat, Spain, ASN16276 (OVH, FR),
Reverse DNS: cluster003.ovh.net
Software: Apache /
Resource Hash: 45ec8ab89fe8425d03ed7fd427f933f76f4fa418fa4fed228d086aa7ccba5edc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tallersllanoscar.com/oxy/eny/1j302K1C6N6U4w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 14 Nov 2022 19:56:16 GMT
content-encoding: gzip
last-modified: Sat, 01 Oct 2022 13:59:45 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=900
accept-ranges: bytes
content-length: 153
expires: Mon, 14 Nov 2022 20:11:16 GMT

GET
H2 200 webfontloader.b8cba529.js Show response
tallersllanoscar.com/oxy/js/ Frame B63F 12 KB
5 KB 27ms
26ms Script
application/javascript 87.98.231.4
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://tallersllanoscar.com/oxy/js/webfontloader.b8cba529.js
Requested by: Host: tallersllanoscar.com
URL: https://tallersllanoscar.com/oxy/js/app.d8fdaf71.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.98.231.4 Cornellà de Llobregat, Spain, ASN16276 (OVH, FR),
Reverse DNS: cluster003.ovh.net
Software: Apache /
Resource Hash: 715d10106878d6848d7f6bad335fb2e6b90336fe73ca112c9516ec036ef9a247

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tallersllanoscar.com/oxy/eny/1j302K1C6N6U4w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 14 Nov 2022 19:56:16 GMT
content-encoding: gzip
last-modified: Sat, 01 Oct 2022 13:59:45 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 4953
expires: Mon, 14 Nov 2022 20:11:16 GMT

POST
H2 200 weight.php Show response
tallersllanoscar.com/ Frame B63F 44 B
140 B 25ms
24ms XHR
application/json 87.98.231.4
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://tallersllanoscar.com/weight.php
Requested by: Host: tallersllanoscar.com
URL: https://tallersllanoscar.com/oxy/js/chunk-vendors.d2077d37.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.98.231.4 Cornellà de Llobregat, Spain, ASN16276 (OVH, FR),
Reverse DNS: cluster003.ovh.net
Software: Apache / PHP/5.6
Resource Hash: cb744274591e5b9bc93f947a9088a870453226ed7de55db38eabb4e7716b8c58

Request headers

Accept: application/json, text/plain, */*
Referer: https://tallersllanoscar.com/oxy/eny/1j302K1C6N6U4w
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 14 Nov 2022 19:56:16 GMT
server: Apache
x-powered-by: PHP/5.6
content-type: application/json

GET
H2 200 css
fonts.googleapis.com/ Frame B63F 13 KB
1 KB 65ms
26ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900&display=swap

Requested by

Host: tallersllanoscar.com
URL: https://tallersllanoscar.com/oxy/js/webfontloader.b8cba529.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8c44af787f51e875d3ecc44f5bb1989fce5aeeaa1a48cc0851aec4344b5e6d73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tallersllanoscar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 14 Nov 2022 19:56:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Nov 2022 18:14:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Nov 2022 19:56:16 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B63F 15 KB
16 KB 58ms
17ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://tallersllanoscar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 11 Nov 2022 13:14:53 GMT
x-content-type-options: nosniff
age: 283283
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Nov 2023 13:14:53 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B63F 16 KB
16 KB 60ms
21ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://tallersllanoscar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 20:10:25 GMT
x-content-type-options: nosniff
age: 431151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 Nov 2023 20:10:25 GMT

GET
H2 200 KFOkCnqEu92Fr1MmgVxIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B63F 15 KB
16 KB 76ms
41ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f303f31706d39866cced9dcc17b61fb8423674278d7f6051d66b3a79ffbca18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://tallersllanoscar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 14 Nov 2022 13:38:19 GMT
x-content-type-options: nosniff
age: 22677
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15764
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Nov 2023 13:38:19 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B63F 15 KB
15 KB 69ms
34ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://tallersllanoscar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 11 Nov 2022 20:22:20 GMT
x-content-type-options: nosniff
age: 257636
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Nov 2023 20:22:20 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B63F 15 KB
16 KB 80ms
45ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://tallersllanoscar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 11 Nov 2022 05:09:29 GMT
x-content-type-options: nosniff
age: 312407
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Nov 2023 05:09:29 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
llantasmex.com
tallersllanoscar.com
2a00:1450:4001:80e::2003
2a00:1450:4001:813::200a
67.227.237.12
87.98.231.4
0f303f31706d39866cced9dcc17b61fb8423674278d7f6051d66b3a79ffbca18
3c47198a8a0e78dbff634b6b39b99a291eca3956a02f62a88e464d1bc98c9926
45ec8ab89fe8425d03ed7fd427f933f76f4fa418fa4fed228d086aa7ccba5edc
511bae084c401becdb78b70cfc583083707214645970ef00482c2ebb9b7ed3ef
54ad4a660adf462a53c4d369dd5560892c8cbf45af9d570c03094a6cf13dc0fb
55fdfca7407a267db53cd055bff81aa6f508b18037c488630c6c98a8245dc2ce
715d10106878d6848d7f6bad335fb2e6b90336fe73ca112c9516ec036ef9a247
8c44af787f51e875d3ecc44f5bb1989fce5aeeaa1a48cc0851aec4344b5e6d73
92daf760785dafff57b6b2025d58d9b00ff5b26066838f5ebb07c1dbe43fe326
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
cb744274591e5b9bc93f947a9088a870453226ed7de55db38eabb4e7716b8c58
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

llantasmex.com Open in urlscan Pro 67.227.237.12 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

14 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

243 kBTransfer

882 kBSize

0 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

llantasmex.com Open in urlscan Pro
67.227.237.12 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

243 kB
Transfer

882 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!