arfesa.com.ar Open in urlscan Pro
190.183.195.2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://arfesa.com.ar/secure_chase
Effective URL:
https://arfesa.com.ar/secure_chase/
Submission: On March 15 via automatic, source openphish (March 15th 2024, 1:27:19 pm UTC) — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 4 domains to perform 12 HTTP transactions. The main IP is 190.183.195.2, located in Paraná, Argentina and belongs to Gigared S.A., AR. The main domain is arfesa.com.ar.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 13th 2024. Valid for: 3 months.

This is the only time arfesa.com.ar was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 4	190.183.195.2 190.183.195.2	20207 (Gigared S.A.) (Gigared S.A.)
8	2.16.204.144 2.16.204.144	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.26.13.205 104.26.13.205	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	4

4 190.183.195.2 (Paraná, Argentina) 2 redirects

ASN20207 (Gigared S.A., AR)
PTR: panel.gigaredhost.com.ar

arfesa.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.16.204.144 (Hamburg, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-204-144.deploy.static.akamaitechnologies.com

static.chasecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.13.205 (None, )

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	chasecdn.com static.chasecdn.com — Cisco Umbrella Rank: 8215	492 KB
4	arfesa.com.ar 2 redirects arfesa.com.ar	99 KB
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2754	157 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 253	27 KB
12	4

	Domain	Requested by
8	static.chasecdn.com	arfesa.com.ar static.chasecdn.com
4	arfesa.com.ar	2 redirects cdnjs.cloudflare.com
1	api.ipify.org	cdnjs.cloudflare.com
1	cdnjs.cloudflare.com	arfesa.com.ar
12	4

This site contains no links.

Subject Issuer	Validity	Valid
arfesa.com.ar cPanel, Inc. Certification Authority	`2024-02-13` - `2024-05-13`	3 months	crt.sh
static2.chasecdn.com Entrust Certification Authority - L1M	`2023-04-25` - `2024-04-24`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
ipify.org GTS CA 1P5	`2024-01-22` - `2024-04-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://arfesa.com.ar/secure_chase/
Frame ID: D8F80C8F3637D0005EC614596F26581D
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

͏s͏i͏g͏n ͏i͏n - ͏c͏h͏a͏s͏e.͏c͏o͏m

Page URL History Show full URLs

http://arfesa.com.ar/secure_chase HTTP 301
https://arfesa.com.ar/secure_chase HTTP 301
https://arfesa.com.ar/secure_chase/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

4
Countries

618 kB
Transfer

1216 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://arfesa.com.ar/secure_chase HTTP 301
https://arfesa.com.ar/secure_chase HTTP 301
https://arfesa.com.ar/secure_chase/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
arfesa.com.ar/secure_chase/
Redirect Chain

http://arfesa.com.ar/secure_chase
https://arfesa.com.ar/secure_chase
https://arfesa.com.ar/secure_chase/

98 KB
98 KB

494ms
494ms

Document
text/html

190.183.195.2
Gigared S.A.

General

Check archive.org

Show headers Download Go to

Full URL: https://arfesa.com.ar/secure_chase/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 190.183.195.2 Paraná, Argentina, ASN20207 (Gigared S.A., AR),
Reverse DNS: panel.gigaredhost.com.ar
Software: nginx /
Resource Hash: 162ac7cb0cc06862ec1df3ea3d90be0bbb829d16caefb3c3dce4ff0dbaf10b06

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Fri, 15 Mar 2024 13:27:12 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Length: 243
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 15 Mar 2024 13:27:12 GMT
Location: https://arfesa.com.ar/secure_chase/
Server: nginx

GET
H2 200 logon.css
static.chasecdn.com/web/2020.09.13-2254/logon/assets/ 103 KB
14 KB 132ms
48ms Stylesheet
text/css 2.16.204.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.chasecdn.com/web/2020.09.13-2254/logon/assets/logon.css

Requested by

Host: arfesa.com.ar
URL: https://arfesa.com.ar/secure_chase/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.204.144 Hamburg, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-204-144.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

7c12839560d83a0b1bb670d58dae7f604278a2f713ef1ce13dd35b823491c063

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=86400 ; preload
X-Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arfesa.com.ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-content-security-policy: frame-ancestors 'none'
content-security-policy: frame-ancestors 'none'
content-encoding: br
x-content-type-options: nosniff
date: Fri, 15 Mar 2024 13:27:13 GMT
strict-transport-security: max-age=86400 ; preload
x-app-cdndc-id: us-east-2
server-timing: cdn-cache; desc=HIT, edge; dur=29, origin; dur=0, ak_p; desc="1710509233123_34610576_484753231_2952_6296_11_25_255";dur=1
content-length: 13652
x-xss-protection: 1; mode=block
x-trace-id: ZcTIv1DIXKSVlcECf3u1sAAAAAY
last-modified: Mon, 04 Mar 2024 15:00:35 GMT
server: Akamai Resource Optimizer
etag: "19a4a-5fae6cae237d3-gzip"
x-amzn-trace-id: 0.901d1002.1710509233.1ce4bf4f
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Fri, 07 Feb 2025 12:27:43 GMT

GET
H2 200 blue-ui.css
static.chasecdn.com/web/2020.09.13-2254/@ccb-cxo/cxo-ui-common-utilities/dist/common/assets/ 498 KB
44 KB 205ms
122ms Stylesheet
text/css 2.16.204.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.chasecdn.com/web/2020.09.13-2254/@ccb-cxo/cxo-ui-common-utilities/dist/common/assets/blue-ui.css

Requested by

Host: arfesa.com.ar
URL: https://arfesa.com.ar/secure_chase/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.204.144 Hamburg, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-204-144.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

508595c80e990acfb3eff9fd4ec8fb57f8e6ec666782eaf5d3dfc3e5449e9c12

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=86400 ; preload
X-Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arfesa.com.ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-content-security-policy: frame-ancestors 'none'
content-security-policy: frame-ancestors 'none'
content-encoding: br
x-content-type-options: nosniff
date: Fri, 15 Mar 2024 13:27:13 GMT
strict-transport-security: max-age=86400 ; preload
x-app-cdndc-id: us-east-1
server-timing: cdn-cache; desc=HIT, edge; dur=68, origin; dur=0, ak_p; desc="1710509233097_34610576_484753230_8710_6613_11_0_255";dur=1
content-length: 44641
x-xss-protection: 1; mode=block
x-trace-id: ZXQAKLLWaz-EGbAOM8x7YQAAAB8
last-modified: Sat, 09 Dec 2023 05:50:37 GMT
server: Akamai Resource Optimizer
etag: "7c9c7-5fe59523b51aa-gzip"
x-amzn-trace-id: 0.901d1002.1710509233.1ce4bf4e
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Sun, 08 Dec 2024 05:50:32 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/ 85 KB
27 KB 33ms
18ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Requested by

Host: arfesa.com.ar
URL: https://arfesa.com.ar/secure_chase/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arfesa.com.ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 13:27:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 161072
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27277
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-15283"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=50Cg8d3w%2FbTUAH3Orh7O%2B%2BtQkK9%2FN7U7%2B8MH9p5HWH6Kx8KfhL11FUg2ylz0wzQRP5pd6BlPGg%2FpX6lAZFRVrRQhvcJn8UpiocPTR8hbeNNE85Z2mML3cqx6m%2BUxRWhdON7dP6ftCB%2BZCYzCmE48DhYH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 864cd6f41e602ba3-FRA
expires: Wed, 05 Mar 2025 13:27:13 GMT

GET
H2 200 opensans-regular.woff
static.chasecdn.com/content/dam/cpo-static/fonts/ 24 KB
25 KB 67ms
31ms Font
font/woff 2.16.204.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.chasecdn.com/content/dam/cpo-static/fonts/opensans-regular.woff

Requested by

Host: arfesa.com.ar
URL: https://arfesa.com.ar/secure_chase/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.204.144 Hamburg, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-204-144.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; preload

Request headers

Referer: https://arfesa.com.ar/
Origin: https://arfesa.com.ar
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 13:27:13 GMT
strict-transport-security: max-age=86400 ; preload
last-modified: Wed, 13 Sep 2023 14:50:05 GMT
server: Apache
x-amzn-trace-id: 0.901d1002.1710509233.1ce4c30a
x-app-cdndc-id: us-east-1
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=2592000,s-maxage=2592000
server-timing: cdn-cache; desc=HIT, edge; dur=11, ak_p; desc="1710509233311_34610576_484754186_1156_5515_11_24_255";dur=1
accept-ranges: bytes
content-length: 24876

GET
H2 200 / Show response
api.ipify.org/ 24 B
157 B 188ms
152ms XHR
application/json 104.26.13.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a65fa941a46e622509583d3d9c53a15614a6430d9f3f4f9e930c50767286232

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://arfesa.com.ar/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 13:27:13 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json
access-control-allow-origin: *
cf-ray: 864cd6f5cef69954-FRA
content-length: 24

GET
H/1.1 200
OK ___.php Show response
arfesa.com.ar/secure_chase/ 27 B
233 B 247ms
247ms XHR
text/html 190.183.195.2
Gigared S.A.

General

Check archive.org

Show headers Download Go to

Full URL: https://arfesa.com.ar/secure_chase/___.php?_do=vt&s=aHR0cHM6Ly9hcmZlc2EuY29tLmFyL3NlY3VyZV9jaGFzZS9fZmlyc3RfdmlzaXQ=
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 190.183.195.2 Paraná, Argentina, ASN20207 (Gigared S.A., AR),
Reverse DNS: panel.gigaredhost.com.ar
Software: nginx /
Resource Hash: 313c148f979eda240c2ddb092d7936042ad652e222f0819cc9634c8ed9a36f18

Request headers

Accept: */*
Referer: https://arfesa.com.ar/secure_chase/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 15 Mar 2024 13:27:13 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 wordmark-white.svg
static.chasecdn.com/web/2020.09.13-2254/@ccb-cxo/cxo-ui-common-utilities/dist/common/assets/img/logos/ 1 KB
1 KB 62ms
61ms Image
image/svg+xml 2.16.204.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.chasecdn.com/web/2020.09.13-2254/@ccb-cxo/cxo-ui-common-utilities/dist/common/assets/img/logos/wordmark-white.svg

Requested by

Host: static.chasecdn.com
URL: https://static.chasecdn.com/web/2020.09.13-2254/logon/assets/logon.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.204.144 Hamburg, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-204-144.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=86400 ; preload
X-Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.chasecdn.com/web/2020.09.13-2254/logon/assets/logon.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-content-security-policy: frame-ancestors 'none'
content-security-policy: frame-ancestors 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 15 Mar 2024 13:27:16 GMT
strict-transport-security: max-age=86400 ; preload
x-app-cdndc-id: us-east-2
server-timing: cdn-cache; desc=HIT, edge; dur=31, origin; dur=0, ak_p; desc="1710509236567_34610576_484767933_3652_5939_12_0_146";dur=1
content-length: 645
x-xss-protection: 1; mode=block
x-trace-id: ZcctPFDIXKSVlcECf3sb7AAAAA0
last-modified: Thu, 11 May 2023 02:43:36 GMT
server: Apache
etag: "581-5fb61f48055ca"
x-amzn-trace-id: 0.901d1002.1710509236.1ce4f8bd
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Sun, 09 Feb 2025 08:01:00 GMT

GET
H2 200 background.desktop.day.1.jpeg
static.chasecdn.com/content/geo-images/images/ 299 KB
300 KB 71ms
71ms Image
image/jpeg 2.16.204.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.chasecdn.com/content/geo-images/images/background.desktop.day.1.jpeg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.204.144 Hamburg, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-204-144.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arfesa.com.ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 13:27:16 GMT
strict-transport-security: max-age=86400 ; preload
last-modified: Thu, 15 Feb 2024 18:11:38 GMT
server: Apache
x-amzn-trace-id: 0.901d1002.1710509236.1ce4f8be
x-app-cdndc-id: us-east-1
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000,s-maxage=2592000
server-timing: cdn-cache; desc=HIT, edge; dur=38, origin; dur=0, ak_p; desc="1710509236570_34610576_484767934_4605_5882_12_0_219";dur=1
accept-ranges: bytes
content-length: 306152

GET
H2 200 opensans-bold.woff
static.chasecdn.com/content/dam/cpo-static/fonts/ 14 KB
14 KB 23ms
23ms Font
font/woff 2.16.204.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.chasecdn.com/content/dam/cpo-static/fonts/opensans-bold.woff

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.204.144 Hamburg, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-204-144.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0634f735018d63980fb935914bd910ebd51ed5ed0a03c8811607aca0c2e7c532

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; preload

Request headers

Referer: https://arfesa.com.ar/
Origin: https://arfesa.com.ar
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 13:27:16 GMT
strict-transport-security: max-age=86400 ; preload
last-modified: Mon, 28 Aug 2023 16:17:53 GMT
server: Apache
x-amzn-trace-id: 0.901d1002.1710509236.1ce4f8a9
x-app-cdndc-id: us-east-1
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=2592000,s-maxage=2592000
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1710509236557_34610576_484767913_61_7067_17_0_255";dur=1
accept-ranges: bytes
content-length: 14504

GET
H2 200 opensans-semibold.woff
static.chasecdn.com/content/dam/cpo-static/fonts/ 25 KB
25 KB 26ms
26ms Font
font/woff 2.16.204.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.chasecdn.com/content/dam/cpo-static/fonts/opensans-semibold.woff

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.204.144 Hamburg, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-204-144.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; preload

Request headers

Referer: https://arfesa.com.ar/
Origin: https://arfesa.com.ar
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 13:27:16 GMT
strict-transport-security: max-age=86400 ; preload
last-modified: Thu, 31 Aug 2023 16:24:51 GMT
server: Apache
x-amzn-trace-id: 0.901d1002.1710509236.1ce4f8aa
x-app-cdndc-id: us-east-1
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=2592000,s-maxage=2592000
server-timing: cdn-cache; desc=HIT, edge; dur=2, ak_p; desc="1710509236557_34610576_484767914_247_6519_17_0_255";dur=1
accept-ranges: bytes
content-length: 25108

GET
H2 200 dcefont.woff
static.chasecdn.com/web/2020.09.13-2254/@ccb-cxo/cxo-ui-common-utilities/dist/common/less/assets/fonts/ 69 KB
69 KB 63ms
62ms Font
font/woff 2.16.204.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.chasecdn.com/web/2020.09.13-2254/@ccb-cxo/cxo-ui-common-utilities/dist/common/less/assets/fonts/dcefont.woff

Requested by

Host: static.chasecdn.com
URL: https://static.chasecdn.com/web/2020.09.13-2254/@ccb-cxo/cxo-ui-common-utilities/dist/common/assets/blue-ui.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.204.144 Hamburg, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-204-144.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=86400 ; preload
X-Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://static.chasecdn.com/web/2020.09.13-2254/@ccb-cxo/cxo-ui-common-utilities/dist/common/assets/blue-ui.css
Origin: https://arfesa.com.ar
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-content-security-policy: frame-ancestors 'none'
content-security-policy: frame-ancestors 'none'
date: Fri, 15 Mar 2024 13:27:16 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=86400 ; preload
x-app-cdndc-id: us-east-2
server-timing: cdn-cache; desc=HIT, edge; dur=42, origin; dur=0, ak_p; desc="1710509236557_34610576_484767915_4284_7028_11_0_255";dur=1
content-length: 70296
x-xss-protection: 1; mode=block
x-trace-id: ZcctPC6gPqpAxlm6Hn0rbAAAAC4
last-modified: Fri, 21 Apr 2023 09:44:02 GMT
server: Apache
etag: "11298-5f9d57f51873e"
x-amzn-trace-id: 0.901d1002.1710509236.1ce4f8ab
x-frame-options: DENY
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Sun, 09 Feb 2025 08:01:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
arfesa.com.ar
cdnjs.cloudflare.com
static.chasecdn.com
104.26.13.205
190.183.195.2
2.16.204.144
2606:4700::6811:180e
01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085
0634f735018d63980fb935914bd910ebd51ed5ed0a03c8811607aca0c2e7c532
162ac7cb0cc06862ec1df3ea3d90be0bbb829d16caefb3c3dce4ff0dbaf10b06
313c148f979eda240c2ddb092d7936042ad652e222f0819cc9634c8ed9a36f18
508595c80e990acfb3eff9fd4ec8fb57f8e6ec666782eaf5d3dfc3e5449e9c12
5a65fa941a46e622509583d3d9c53a15614a6430d9f3f4f9e930c50767286232
6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1
7c12839560d83a0b1bb670d58dae7f604278a2f713ef1ce13dd35b823491c063
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179
d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3
d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0

arfesa.com.ar Open in urlscan Pro 190.183.195.2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

4 Countries

618 kBTransfer

1216 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

19 JavaScript Global Variables

0 Cookies

Indicators

arfesa.com.ar Open in urlscan Pro
190.183.195.2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

4
Countries

618 kB
Transfer

1216 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!