frascneestingresospersonasempresas.net Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
Submission: On March 14 via manual (March 14th 2023, 1:39:29 pm UTC) from ZA — Scanned from NL

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is frascneestingresospersonasempresas.net.
TLS certificate: Issued by GTS CA 1P5 on March 10th 2023. Valid for: 3 months.

This is the only time frascneestingresospersonasempresas.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BBVA (Financial)

Domain & IP information

	IP Address	AS Autonomous System
9	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.109.75.39 104.109.75.39	16625 (AKAMAI-AS) (AKAMAI-AS)
10	3

9 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

frascneestingresospersonasempresas.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.109.75.39 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-75-39.deploy.static.akamaitechnologies.com

www.bbva.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	frascneestingresospersonasempresas.net frascneestingresospersonasempresas.net	76 KB
1	bbva.com.ar www.bbva.com.ar — Cisco Umbrella Rank: 488011	151 KB
10	2

	Domain	Requested by
9	frascneestingresospersonasempresas.net	frascneestingresospersonasempresas.net
1	www.bbva.com.ar	frascneestingresospersonasempresas.net
10	2

This site contains no links.

Subject Issuer	Validity	Valid
*.frascneestingresospersonasempresas.net GTS CA 1P5	`2023-03-10` - `2023-06-08`	3 months	crt.sh
bbva.com.ar DigiCert TLS RSA SHA256 2020 CA1	`2022-05-09` - `2023-05-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
Frame ID: 70B21527941D74C209AD3DF6B6D63D34
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Inicio | Home

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

227 kB
Transfer

549 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
frascneestingresospersonasempresas.net/ 4 KB
2 KB 281ms
201ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a50136a82e60c31374c9e33aa75b51a291d26b5c0a4f118063b801ff11da9c0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7a7cec2ddcf992b1-FRA
content-encoding: br
content-type: text/html
date: Tue, 14 Mar 2023 13:39:24 GMT
last-modified: Thu, 02 Mar 2023 16:39:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qEgVw9c8iba21C4NiAPhlH884FxSk1CJgbJ34xzYLohF%2B04VViHb1yxuzeg2plrK29%2F4rGLvaW%2FEW7TlaXmZk1bRnfz6BdqSetq819hJb80n8VnuimNsqjUSYquKWWIC68%2BgY2Oiv48YBzcq0YrU8JhbLC6wh76VahAUpquciv6JCulYtA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 bootstrap.min.css
frascneestingresospersonasempresas.net/files1/ 216 KB
32 KB 323ms
321ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frascneestingresospersonasempresas.net/files1/bootstrap.min.css
Requested by: Host: frascneestingresospersonasempresas.net
URL: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 932ea15108928991bcf0c0a46415fc652de5ffc0158c35205357b90c65eeb386

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:39:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 02 Mar 2023 16:39:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"35e6c-5f5ed782fb500-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rgvlr9iZFjZwxC8fcNKQpbyGdXlDF2TPvP9xOy3IxEhOh9XRZlQzn%2Bz%2FT0kJ%2FKqJcmsRMtuyFAKx8%2Bq%2BFKQcNxKi1%2FmPnQ6wpL1As2a6LM%2BKlatwA6binB0liTln80dFOACWWJUDqIwmB0hvhVPpfii%2FjtpK3Q1LAoRGbj5BlJ46qhhGzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7a7cec2f2e6a92b1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 style.css
frascneestingresospersonasempresas.net/files1/ 3 KB
1 KB 206ms
204ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frascneestingresospersonasempresas.net/files1/style.css
Requested by: Host: frascneestingresospersonasempresas.net
URL: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a14672ea416c6c90a116bfb0beefec78eae5a98881acf696d144553da44a094

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:39:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 02 Mar 2023 16:39:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"a67-5f5ed782fb500-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oJoRWNQuLflpb8NgFOFPuu3OtZgh46Rqjml%2FSdD156ccXj4MeKb5kT4UurBKFwuo5t7l6cv512Mw8iOO3S4lqCkjWsHLnW3pxB0S9Sa4B6I8wXQRxM%2BqDI4Qwy2SxLltEaOWaCKb3u1MHFO7AtylydtF0KStNRp3RPh0F67SJb52NyeyDA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7a7cec2f2e6d92b1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 bootstrap-icons.css
frascneestingresospersonasempresas.net/files1/ 93 KB
13 KB 300ms
298ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frascneestingresospersonasempresas.net/files1/bootstrap-icons.css
Requested by: Host: frascneestingresospersonasempresas.net
URL: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1172d3a0a208cf01dc066f0abeaf17f00264a966159a69f71947d6edcd4935f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:39:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 02 Mar 2023 16:39:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"17579-5f5ed782fb500-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VVNSo89pk2Ze1tvs5GlktlBUDhskr2A6wfEhR5jya1e9cXoS9f0Q2odWnLA7GYyskq01lY2qZ3K8MCXxFtpyegzv8lAelXsRjQ28HMdZOsnUQ8%2Bot%2BOduo7g5roDog66QDMpV6scwQYZWEDlGI40pFw6K1e%2Fl%2Bj%2BFnpJqo1KidrbuCiVTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7a7cec2f2e7092b1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 identification.png
frascneestingresospersonasempresas.net/files1/ 3 KB
3 KB 212ms
211ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://frascneestingresospersonasempresas.net/files1/identification.png
Requested by: Host: frascneestingresospersonasempresas.net
URL: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec7c21a9a4d67fd9fbca7c0781031a9b6dbca1229bd4d25c51966596f57a7aec

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:39:24 GMT
cf-cache-status: MISS
last-modified: Thu, 02 Mar 2023 16:39:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "b2f-5f5ed782fb500"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OE2QMPtA1zeSZBVqoAtjCjussJsNYfKet%2FKc6VsoQrarLtTrgvCOzUQmSs9%2B83Wk5ne6iZ0LOuhZ%2BLfORMvN8HiFHzePKziwtcPEZvgpmlN3XfomKQEGm7GJnHu%2FK1bdr1UHkPCaprUEJrjNf8JQabfXqu9xHTPOS%2BJ9IE56TgZffDMoiA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7a7cec2f3e9992b1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2863

GET
H2 200 logo_bbva_blanco.svg
frascneestingresospersonasempresas.net/files1/ 2 KB
1 KB 210ms
210ms Image
image/svg+xml 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://frascneestingresospersonasempresas.net/files1/logo_bbva_blanco.svg
Requested by: Host: frascneestingresospersonasempresas.net
URL: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4110bfbebf5162bd8ce32b34a411c8c4ec827b0d65947993c25379646e5db120

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:39:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 02 Mar 2023 16:39:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"769-5f5ed782fb500"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K3kC0hmTZjOflOWxNENtk1CO79YudCtF93LlxwtZPaPUnJotOdtLX7iVviyjvkGBR%2BzTDKvfYSDTVVj2gY0dIwOXkWWWrdU2h25nr1LFVskqJV0s32oPD4mYezmCY1c%2FThD5VO90ko2nVOA3ssrid4jenkTRIThkpfytMD27S7fFHjXPAw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 7a7cec2f3e9a92b1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 bootstrap.bundle.min.js Show response
frascneestingresospersonasempresas.net/files1/ 79 KB
24 KB 295ms
294ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frascneestingresospersonasempresas.net/files1/bootstrap.bundle.min.js
Requested by: Host: frascneestingresospersonasempresas.net
URL: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 061f0b1ea79e6e2ca24f4603e55d3e909f7471ba0b279cdb6dea40554106c6a2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:39:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 02 Mar 2023 16:39:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"13ad7-5f5ed782fb500-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dkrS5M0IvxMWrlOs26i6U91ZfTKC6sD3ypuh6r7ZTaJ%2FIEtCl%2FlOllYXm08mEq5DMnPZoXfOiadHj5QFVzl9QrlFPdhWNmlcEt2OCt0cDVAh5FtgH%2FJ2zFn7F3f%2Bjt6Wq3G%2F9AaHviTzH9S%2FrJ%2FZJkrxfbdgBSQ6iFkUI1zDEng%2Biji1Iw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7a7cec2f3e9892b1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 183 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8c89b0459ec4d6069037002ff5d824395ff37dbf866bc4298fce22d336b182a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 marquee-young-woman-smiling-with-lactop-at-cafe.im1574777727130im.jpg
www.bbva.com.ar/content/dam/public-web/argentina/photos/ 150 KB
151 KB 797ms
208ms Image
image/webp 104.109.75.39
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bbva.com.ar/content/dam/public-web/argentina/photos/marquee-young-woman-smiling-with-lactop-at-cafe.im1574777727130im.jpg?imwidth=1176

Requested by

Host: frascneestingresospersonasempresas.net
URL: https://frascneestingresospersonasempresas.net/files1/style.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.75.39 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-75-39.deploy.static.akamaitechnologies.com

Software

Resource Hash

c60a2bc3e536152769bb94a00833a840525897aa9248556a544ebfed3e01b72c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.arg.igrupobbva
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://frascneestingresospersonasempresas.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:39:25 GMT
content-security-policy: frame-ancestors 'self' https://*.arg.igrupobbva
last-modified: Fri, 15 Jul 2022 12:56:15 GMT
etag: "8c8a1eaafea940470cc0df8c04078523"
x-edgeconnect-cache-status: 1
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: private, no-transform, max-age=2457426
server-timing: cdn-cache; desc=HIT, edge; dur=39, ak_p; desc="466333_34649463_73798979_3931_120654_19_0";dur=1
content-length: 153930
expires: Wed, 12 Apr 2023 00:16:31 GMT

GET
H3 404 bootstrap-icons.woff2
frascneestingresospersonasempresas.net/files1/fonts/ 0
0 204ms
203ms Font
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frascneestingresospersonasempresas.net/files1/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47
Requested by: Host: frascneestingresospersonasempresas.net
URL: https://frascneestingresospersonasempresas.net/files1/bootstrap-icons.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://frascneestingresospersonasempresas.net/files1/bootstrap-icons.css
Origin: https://frascneestingresospersonasempresas.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:39:25 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n3U8jhqinPWzM1Ym7dUjR8kZ126t8zZ6NRpuH%2FkHmdI1d1G%2B00ybEvJoAFTh3yoAHvVcojMnQG5w%2Fl%2BsEODNkXRIKv2JcbG1x6Dud5GvSBqT%2Fuy%2B%2BpCieay%2FVsp5O3ADGHPIzGIdv1msRGXckklhZ7UHTkJHqpiwyGWAaSnSnTeoTRLxxA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 7a7cec313b4c9174-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 404 bootstrap-icons.woff
frascneestingresospersonasempresas.net/files1/fonts/ 0
0 212ms
211ms Font
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frascneestingresospersonasempresas.net/files1/fonts/bootstrap-icons.woff?24e3eb84d0bcaf83d77f904c78ac1f47
Requested by: Host: frascneestingresospersonasempresas.net
URL: https://frascneestingresospersonasempresas.net/files1/bootstrap-icons.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://frascneestingresospersonasempresas.net/files1/bootstrap-icons.css
Origin: https://frascneestingresospersonasempresas.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:39:25 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MKcOtj7Jbujy0ucwkA4h0o9Tom%2FZ1LGS78Elzs9aqNFHoUmi8QKUBeYIRYfX1n8pYG6hTuWBJj8j54ygP1aNGsXkyn02Z9uGfusNdm4mfL%2BciK1HbP3F0t3cVA5wyoKV9q6yOEjxutPlU%2FpQZmVYBpiAZVHMuW4zxFCbaO4UtvCreieUYg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 7a7cec328d419174-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BBVA (Financial)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless number| uidEvent object| bootstrap object| seePassword

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://frascneestingresospersonasempresas.net/files1/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://frascneestingresospersonasempresas.net/files1/fonts/bootstrap-icons.woff?24e3eb84d0bcaf83d77f904c78ac1f47 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

frascneestingresospersonasempresas.net
www.bbva.com.ar
104.109.75.39
2a06:98c1:3121::3
061f0b1ea79e6e2ca24f4603e55d3e909f7471ba0b279cdb6dea40554106c6a2
2a14672ea416c6c90a116bfb0beefec78eae5a98881acf696d144553da44a094
4110bfbebf5162bd8ce32b34a411c8c4ec827b0d65947993c25379646e5db120
932ea15108928991bcf0c0a46415fc652de5ffc0158c35205357b90c65eeb386
9a50136a82e60c31374c9e33aa75b51a291d26b5c0a4f118063b801ff11da9c0
c60a2bc3e536152769bb94a00833a840525897aa9248556a544ebfed3e01b72c
d8c89b0459ec4d6069037002ff5d824395ff37dbf866bc4298fce22d336b182a
e1172d3a0a208cf01dc066f0abeaf17f00264a966159a69f71947d6edcd4935f
ec7c21a9a4d67fd9fbca7c0781031a9b6dbca1229bd4d25c51966596f57a7aec

frascneestingresospersonasempresas.net Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

227 kBTransfer

549 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

frascneestingresospersonasempresas.net Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

227 kB
Transfer

549 kB
Size

0
Cookies

10 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!