c1522091.ferozo.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 200.58.111.45, located in Rosario, Argentina and belongs to Dattatec.com, AR. The main domain is c1522091.ferozo.com.

This is the only time c1522091.ferozo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
5	200.58.111.45 200.58.111.45	27823 (Dattatec.com) (Dattatec.com)
1	142.250.185.131 142.250.185.131	15169 (GOOGLE) (GOOGLE)
6	2

5 200.58.111.45 (Rosario, Argentina)

ASN27823 (Dattatec.com, AR)
PTR: c152.dattaweb.com

c1522091.ferozo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.131 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	ferozo.com c1522091.ferozo.com	149 KB
1	gstatic.com fonts.gstatic.com	39 KB
6	2

	Domain	Requested by
5	c1522091.ferozo.com	c1522091.ferozo.com
1	fonts.gstatic.com	c1522091.ferozo.com
6	2

This site contains no links.

Subject Issuer	Validity	Valid
*.gstatic.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://c1522091.ferozo.com/
Frame ID: 713A0AF0CE0392AD5E53D20297A2A487
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Inicio

Page Statistics

6
Requests

17 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

189 kB
Transfer

1106 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
c1522091.ferozo.com/ 8 KB
2 KB 2486ms
1659ms Document
text/html 200.58.111.45
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: http://c1522091.ferozo.com/
Protocol: HTTP/1.1
Server: 200.58.111.45 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS: c152.dattaweb.com
Software: Apache / PHP/7.2.34
Resource Hash: 39d713573f32f1b52ed897073193e7522bc98628265a87ab2ee49f6a1860e0f8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

Cache-Control: max-age=2592000
Connection: Upgrade, Keep-Alive
Content-Encoding: gzip
Content-Length: 1772
Content-Type: text/html; charset=UTF-8
Date: Wed, 21 Dec 2022 15:55:22 GMT
Expires: Fri, 20 Jan 2023 15:55:22 GMT
Keep-Alive: timeout=10, max=200
Server: Apache
Upgrade: h2,h2c
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34

GET
H/1.1 200
OK string.css
c1522091.ferozo.com/principal/css/ 1 MB
121 KB 302ms
301ms Stylesheet
text/css 200.58.111.45
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: http://c1522091.ferozo.com/principal/css/string.css
Requested by: Host: c1522091.ferozo.com
URL: http://c1522091.ferozo.com/
Protocol: HTTP/1.1
Server: 200.58.111.45 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS: c152.dattaweb.com
Software: Apache /
Resource Hash: 68167598227a00a5a5c8ee96e827c57ac7180714676817c58ad7c0fa10d4fbb7

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://c1522091.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 21 Dec 2022 15:55:23 GMT
Content-Encoding: gzip
Last-Modified: Tue, 14 Dec 2021 21:47:52 GMT
Server: Apache
ETag: "10249a-5d32224205200-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=199
Expires: Fri, 20 Jan 2023 15:55:23 GMT

GET
H/1.1 200
OK toda.js Show response
c1522091.ferozo.com/principal/js/ 259 B
616 B 279ms
279ms Script
application/javascript 200.58.111.45
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: http://c1522091.ferozo.com/principal/js/toda.js
Requested by: Host: c1522091.ferozo.com
URL: http://c1522091.ferozo.com/
Protocol: HTTP/1.1
Server: 200.58.111.45 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS: c152.dattaweb.com
Software: Apache /
Resource Hash: a3da2294bd217a525632719a16c187a10fc7a8bedf86fff611e52ca049b146cf

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://c1522091.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 21 Dec 2022 15:55:23 GMT
Content-Encoding: gzip
Last-Modified: Sat, 12 Nov 2022 23:42:02 GMT
Server: Apache
ETag: "103-5ed4e8d92e680-gzip"
Vary: Accept-Encoding
Upgrade: h2,h2c
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=200
Content-Length: 183
Expires: Fri, 20 Jan 2023 15:55:23 GMT

GET
H/1.1 200
OK desktop-sr.svg
c1522091.ferozo.com/principal/images/ 3 KB
3 KB 284ms
284ms Image
image/svg+xml 200.58.111.45
Dattatec.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://c1522091.ferozo.com/principal/images/desktop-sr.svg
Requested by: Host: c1522091.ferozo.com
URL: http://c1522091.ferozo.com/
Protocol: HTTP/1.1
Server: 200.58.111.45 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS: c152.dattaweb.com
Software: Apache /
Resource Hash: c9795c8390b656c79384cbf530bc39ca1929789a26e1b3a34ea206b1f3f5f65b

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://c1522091.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 21 Dec 2022 15:55:24 GMT
Last-Modified: Tue, 14 Dec 2021 18:59:34 GMT
Server: Apache
ETag: "c33-5d31fca3d1180"
Content-Type: image/svg+xml
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=199
Content-Length: 3123
Expires: Fri, 20 Jan 2023 15:55:24 GMT

GET
H/1.1 200
OK Ilustracion.svg
c1522091.ferozo.com/principal/images/ 22 KB
22 KB 286ms
286ms Image
image/svg+xml 200.58.111.45
Dattatec.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://c1522091.ferozo.com/principal/images/Ilustracion.svg
Requested by: Host: c1522091.ferozo.com
URL: http://c1522091.ferozo.com/principal/css/string.css
Protocol: HTTP/1.1
Server: 200.58.111.45 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS: c152.dattaweb.com
Software: Apache /
Resource Hash: 405f3392198ce4a77c2c729b4666731fa79641190d69cd9c742c3a9f3d9fe02e

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://c1522091.ferozo.com/principal/css/string.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 21 Dec 2022 15:55:25 GMT
Last-Modified: Tue, 14 Dec 2021 19:40:28 GMT
Server: Apache
ETag: "5897-5d3205c822300"
Content-Type: image/svg+xml
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=198
Content-Length: 22679
Expires: Fri, 20 Jan 2023 15:55:25 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
fonts.gstatic.com/s/opensans/v27/ 39 KB
39 KB 598ms
77ms Font
font/woff2 142.250.185.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2

Requested by

Host: c1522091.ferozo.com
URL: http://c1522091.ferozo.com/principal/css/string.css

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f3.1e100.net

Software

sffe /

Resource Hash

a83c3f260b750dfc47e4e5024eda4b4f80be0c0a3e0ae5111a3b0a799df64448

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://c1522091.ferozo.com/
Origin: http://c1522091.ferozo.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 17 Dec 2022 00:15:50 GMT
x-content-type-options: nosniff
age: 401975
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39556
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:31:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 17 Dec 2023 00:15:50 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| controltag

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c1522091.ferozo.com
fonts.gstatic.com
142.250.185.131
200.58.111.45
39d713573f32f1b52ed897073193e7522bc98628265a87ab2ee49f6a1860e0f8
405f3392198ce4a77c2c729b4666731fa79641190d69cd9c742c3a9f3d9fe02e
68167598227a00a5a5c8ee96e827c57ac7180714676817c58ad7c0fa10d4fbb7
a3da2294bd217a525632719a16c187a10fc7a8bedf86fff611e52ca049b146cf
a83c3f260b750dfc47e4e5024eda4b4f80be0c0a3e0ae5111a3b0a799df64448
c9795c8390b656c79384cbf530bc39ca1929789a26e1b3a34ea206b1f3f5f65b

c1522091.ferozo.com Open in urlscan Pro 200.58.111.45 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

17 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

189 kBTransfer

1106 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

c1522091.ferozo.com Open in urlscan Pro
200.58.111.45 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

17 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

189 kB
Transfer

1106 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!