myblog-y7etu730v.live-website.com
217.160.0.234 | Malicious Activity! | Public Scan

Submitted URL: https://thejournal.fonfrege.com/+/
Effective URL: https://myblog-y7etu730v.live-website.com/es/auth/login.php
Submission: On March 13 via manual from ES — Scanned from ES

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 217.160.0.234, located in Germany and belonging to AS8560, IONOS-AS ("This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE."), DE. The main domain is myblog-y7etu730v.live-website.com.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on June 9th 2023. Valid for: a year.
This is the only time myblog-y7etu730v.live-website.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Caixabank (Banking)

Domain & IP information

Requests  IP Address     AS (Autonomous System)
1         34.74.21.221   AS396982 (GOOGLE-CLOUD-PLATFORM)
7         217.160.0.234  AS8560 (IONOS-AS)
Total: 7 requests, 2 IPs

Requests  Apex Domain       Subdomains                         Transfer
7         live-website.com  myblog-y7etu730v.live-website.com  125 KB
1         fonfrege.com      thejournal.fonfrege.com            381 B
Total: 7 requests, 2 apex domains

Requests  Domain                             Requested by
7         myblog-y7etu730v.live-website.com  myblog-y7etu730v.live-website.com (1 redirect)
1         thejournal.fonfrege.com
Total: 7 requests, 2 domains

This site contains no links.

Subject                  Issuer                  Validity                 Valid for
thejournal.fonfrege.com  R3                      2024-01-15 - 2024-04-14  3 months (crt.sh)
*.live-website.com       GeoTrust TLS RSA CA G1  2023-06-09 - 2024-06-08  a year (crt.sh)

This page contains 1 frame:

Primary Page: https://myblog-y7etu730v.live-website.com/es/auth/login.php
Frame ID: 6DDA49FE94E0F4037BBD9472ABCC0FAD
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

Acceso seguro

Page URL History

  1. https://thejournal.fonfrege.com/+/ Page URL
  2. https://myblog-y7etu730v.live-website.com/es/ HTTP 302
    https://myblog-y7etu730v.live-website.com/es/auth/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

  • Requests: 7
  • HTTPS: 100 %
  • IPv6: 0 %
  • Domains: 2
  • Subdomains: 2
  • IPs: 2
  • Countries: 2
  • Transfer: 125 kB
  • Size: 171 kB
  • Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.


Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Each transaction below lists Resource, Path, Size, x-fer (bytes transferred on the wire) and Type, followed by its General details and the request and response headers.
Resource: /  |  Path: thejournal.fonfrege.com/+/  |  Size: 90 B  |  x-fer: 381 B  |  Type: Document
General
  Full URL: https://thejournal.fonfrege.com/+/
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 34.74.21.221 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
  Reverse DNS: 221.21.74.34.bc.googleusercontent.com
  Software: nginx / WP Engine
  Resource Hash: 1f4ce00572200a50a1df34c32ddf033b78335031f43132032e122a203f98b34b
  Security Headers: Content-Security-Policy: upgrade-insecure-requests

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
  accept-language: es-ES,es;q=0.9

Response headers
  cache-control: max-age=600, must-revalidate
  content-encoding: br
  content-security-policy: upgrade-insecure-requests
  content-type: text/html
  date: Wed, 13 Mar 2024 06:14:38 GMT
  etag: W/"5a-612dec5de8c00-gzip"
  last-modified: Tue, 05 Mar 2024 00:17:52 GMT
  server: nginx
  vary: Accept-Encoding Accept-Encoding,Cookie
  x-cache: HIT: 1
  x-cache-group: normal
  x-cacheable: SHORT
  x-powered-by: WP Engine
Primary Request: login.php  |  Path: myblog-y7etu730v.live-website.com/es/auth/  |  Size: 49 KB  |  x-fer: 2 KB  |  Type: Document
Redirect Chain
  • https://myblog-y7etu730v.live-website.com/es/
  • https://myblog-y7etu730v.live-website.com/es/auth/login.php
General
  Full URL: https://myblog-y7etu730v.live-website.com/es/auth/login.php
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 217.160.0.234, Germany, ASN8560 (IONOS-AS "This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE.", DE)
  Reverse DNS: 217-160-0-234.elastic-ssl.ui-r.com
  Software: Apache
  Resource Hash: 0b3c3c5e04aea403a5b2f28c4ca9f6a697c817907cf656316d79fd82b2025847

Request headers
  Referer: https://thejournal.fonfrege.com/+/
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
  accept-language: es-ES,es;q=0.9

Response headers
  content-encoding: gzip
  content-type: text/html; charset=UTF-8
  date: Wed, 13 Mar 2024 06:14:39 GMT
  server: Apache

Redirect headers
  content-type: text/html; charset=UTF-8
  date: Wed, 13 Mar 2024 06:14:39 GMT
  location: auth/login.php
  server: Apache
Resource: login.css  |  Path: myblog-y7etu730v.live-website.com/es/auth/res/css/  |  Size: 2 KB  |  x-fer: 2 KB  |  Type: Stylesheet
General
  Full URL: https://myblog-y7etu730v.live-website.com/es/auth/res/css/login.css
  Requested by: Host myblog-y7etu730v.live-website.com, URL https://myblog-y7etu730v.live-website.com/es/auth/login.php
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 217.160.0.234, Germany, ASN8560 (IONOS-AS, DE)
  Reverse DNS: 217-160-0-234.elastic-ssl.ui-r.com
  Software: Apache
  Resource Hash: bdd654311733745a484620551d9176f014216c83d517f9e7da44633f5cbf1f6a

Request headers
  accept-language: es-ES,es;q=0.9
  Referer: https://myblog-y7etu730v.live-website.com/es/auth/login.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers
  date: Wed, 13 Mar 2024 06:14:39 GMT
  last-modified: Sat, 09 Mar 2024 05:56:13 GMT
  server: Apache
  accept-ranges: bytes
  etag: "7f2-61333f744b940"
  content-length: 2034
  content-type: text/css
Resource: now.png  |  Path: myblog-y7etu730v.live-website.com/es/auth/res/img/  |  Size: 16 KB  |  x-fer: 16 KB  |  Type: Image
General
  Full URL: https://myblog-y7etu730v.live-website.com/es/auth/res/img/now.png
  Requested by: Host myblog-y7etu730v.live-website.com, URL https://myblog-y7etu730v.live-website.com/es/auth/login.php
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 217.160.0.234, Germany, ASN8560 (IONOS-AS, DE)
  Reverse DNS: 217-160-0-234.elastic-ssl.ui-r.com
  Software: Apache
  Resource Hash: d30f1e2afb2881b5405071b730c0c1d3f4acd1fe893b425a8866cea140fe752e

Request headers
  accept-language: es-ES,es;q=0.9
  Referer: https://myblog-y7etu730v.live-website.com/es/auth/login.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers
  date: Wed, 13 Mar 2024 06:14:39 GMT
  last-modified: Sat, 09 Mar 2024 05:56:13 GMT
  server: Apache
  accept-ranges: bytes
  etag: "3f6a-61333f744b940"
  content-length: 16234
  content-type: image/png
Resource: lock.png  |  Path: myblog-y7etu730v.live-website.com/es/auth/res/img/  |  Size: 2 KB  |  x-fer: 2 KB  |  Type: Image
General
  Full URL: https://myblog-y7etu730v.live-website.com/es/auth/res/img/lock.png
  Requested by: Host myblog-y7etu730v.live-website.com, URL https://myblog-y7etu730v.live-website.com/es/auth/login.php
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 217.160.0.234, Germany, ASN8560 (IONOS-AS, DE)
  Reverse DNS: 217-160-0-234.elastic-ssl.ui-r.com
  Software: Apache
  Resource Hash: 9723a6d5f5ea669e43fd75e6af8770704573ebc065e148c13c78c334654f9007

Request headers
  accept-language: es-ES,es;q=0.9
  Referer: https://myblog-y7etu730v.live-website.com/es/auth/login.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers
  date: Wed, 13 Mar 2024 06:14:39 GMT
  last-modified: Sat, 09 Mar 2024 05:56:13 GMT
  server: Apache
  accept-ranges: bytes
  etag: "6a2-61333f744b940"
  content-length: 1698
  content-type: image/png
Resource: jq.js  |  Path: myblog-y7etu730v.live-website.com/es/auth/res/js/  |  Size: 87 KB  |  x-fer: 88 KB  |  Type: Script
General
  Full URL: https://myblog-y7etu730v.live-website.com/es/auth/res/js/jq.js
  Requested by: Host myblog-y7etu730v.live-website.com, URL https://myblog-y7etu730v.live-website.com/es/auth/login.php
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 217.160.0.234, Germany, ASN8560 (IONOS-AS, DE)
  Reverse DNS: 217-160-0-234.elastic-ssl.ui-r.com
  Software: Apache
  Resource Hash: ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Request headers
  accept-language: es-ES,es;q=0.9
  Referer: https://myblog-y7etu730v.live-website.com/es/auth/login.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers
  date: Wed, 13 Mar 2024 06:14:39 GMT
  last-modified: Sat, 09 Mar 2024 05:56:13 GMT
  server: Apache
  accept-ranges: bytes
  etag: "15d9d-61333f744b940"
  content-length: 89501
  content-type: text/javascript
Resource: reg.woff2  |  Path: myblog-y7etu730v.live-website.com/es/auth/res/css/  |  Size: 15 KB  |  x-fer: 15 KB  |  Type: Font
General
  Full URL: https://myblog-y7etu730v.live-website.com/es/auth/res/css/reg.woff2
  Requested by: Host myblog-y7etu730v.live-website.com, URL https://myblog-y7etu730v.live-website.com/es/auth/res/css/login.css
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 217.160.0.234, Germany, ASN8560 (IONOS-AS, DE)
  Reverse DNS: 217-160-0-234.elastic-ssl.ui-r.com
  Software: Apache
  Resource Hash: 4c2995d8fb1bd1494a78852123ad929629c6c08eae66de7713478ad3fb4de86e

Request headers
  Referer: https://myblog-y7etu730v.live-website.com/es/auth/res/css/login.css
  Origin: https://myblog-y7etu730v.live-website.com
  accept-language: es-ES,es;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers
  date: Wed, 13 Mar 2024 06:14:39 GMT
  last-modified: Sat, 09 Mar 2024 05:56:13 GMT
  server: Apache
  accept-ranges: bytes
  etag: "3b70-61333f744b940"
  content-length: 15216

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Caixabank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function $
  • function jQuery
  • function sendData

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Content-Security-Policy: upgrade-insecure-requests