cetes.com.ar Open in urlscan Pro
167.250.6.35 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cetes.com.ar/sms2.html
Submission: On May 08 via automatic, source openphish (May 8th 2023, 2:09:24 pm UTC) — Scanned from DE

Summary HTTP 19 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 19 HTTP transactions. The main IP is 167.250.6.35, located in Argentina and belongs to NUT HOST SRL, AR. The main domain is cetes.com.ar.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 8th 2023. Valid for: 3 months.

This is the only time cetes.com.ar was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Unicredit (Banking)

Domain & IP information

	IP Address	AS Autonomous System
4	167.250.6.35 167.250.6.35	264649 (NUT HOST SRL) (NUT HOST SRL)
7	195.68.201.32 195.68.201.32	29080 (BULBANK-AS) (BULBANK-AS)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	4

4 167.250.6.35 (Argentina)

ASN264649 (NUT HOST SRL, AR)
PTR: nc35.servidoraweb.net

cetes.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 195.68.201.32 (Bulgaria)

ASN29080 (BULBANK-AS, BG)

bulbankonline.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	bulbankonline.bg bulbankonline.bg	293 KB
4	cetes.com.ar cetes.com.ar	36 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 200	82 KB
19	3

	Domain	Requested by
7	bulbankonline.bg	cetes.com.ar bulbankonline.bg
4	cetes.com.ar	cetes.com.ar bulbankonline.bg
2	cdnjs.cloudflare.com	cetes.com.ar cdnjs.cloudflare.com
19	3

This site contains links to these domains. Also see Links.

Domain
www.unicreditbulbank.bg
online.bulbank.bg

Subject Issuer	Validity	Valid
cetes.com.ar cPanel, Inc. Certification Authority	`2023-05-08` - `2023-08-06`	3 months	crt.sh
bulbankonline.bg DigiCert SHA2 Extended Validation Server CA	`2022-08-19` - `2023-08-24`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cetes.com.ar/sms2.html
Frame ID: 0FEC8D7509A5C9466C7FC664347DA5D3
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

UniCredit Bulbank

Detected technologies

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

19
Requests

68 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

411 kB
Transfer

821 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.unicreditbulbank.bg/bg/pravna-informatsiya/poveritelnost/
Title: Поверителност

Search URL Search Domain Scan URL

URL: https://www.unicreditbulbank.bg/bg/pravna-informatsiya/usloviya-za-polzvane/
Title: Права на ползване

Search URL Search Domain Scan URL

URL: https://online.bulbank.bg/docs/FAQ_BG.pdf
Title: Често задавани въпроси

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request sms2.html Show response
cetes.com.ar/ 34 KB
34 KB 1044ms
471ms Document
text/html 167.250.6.35
NUT HOST SRL

General

Check archive.org

Show headers Download Go to

Full URL: https://cetes.com.ar/sms2.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.250.6.35 , Argentina, ASN264649 (NUT HOST SRL, AR),
Reverse DNS: nc35.servidoraweb.net
Software: Apache /
Resource Hash: fea1653a033fda5d2cf0649430658e10c35d605e25336d2a8ab52e370817d958

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-length: 35038
content-type: text/html
date: Mon, 08 May 2023 14:06:21 GMT
last-modified: Wed, 03 May 2023 11:25:35 GMT
server: Apache

GET
H/1.1 200
OK style.min.css
bulbankonline.bg/Content/css/ 477 KB
86 KB 239ms
49ms Stylesheet
text/css 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bulbankonline.bg/Content/css/style.min.css

Requested by

Host: cetes.com.ar
URL: https://cetes.com.ar/sms2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

db40a2210136553a9e96cde3287b8ec66665393d7f82163b043cffa69b92ddba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cetes.com.ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Content-Encoding: gzip
Date: Mon, 08 May 2023 14:09:18 GMT
Last-Modified: Wed, 19 Apr 2023 07:41:19 GMT
ETag: "4374e4549272d91:0"
ntCoent-Length: 488298
X-Frame-Options: sameorigin
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=28800, must-revalidate
Accept-Ranges: bytes

GET
H/1.1 200
OK require.js Show response
bulbankonline.bg/Scripts/libs/ 17 KB
18 KB 236ms
46ms Script
application/javascript 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bulbankonline.bg/Scripts/libs/require.js

Requested by

Host: cetes.com.ar
URL: https://cetes.com.ar/sms2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

4948c3fe4b57cd92118ec7b89deb99ff0eb2586a02c5f454df21c1ecfc144c81

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cetes.com.ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Date: Mon, 08 May 2023 14:09:19 GMT
Last-Modified: Wed, 19 Apr 2023 07:29:25 GMT
ETag: "bd82cdaa9072d91:0"
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: max-age=28800, must-revalidate
Accept-Ranges: bytes
Content-Length: 17695

GET
H/1.1 200
OK promise.js Show response
bulbankonline.bg/Scripts/libs/ 6 KB
7 KB 238ms
48ms Script
application/javascript 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bulbankonline.bg/Scripts/libs/promise.js

Requested by

Host: cetes.com.ar
URL: https://cetes.com.ar/sms2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

9fbbf200dbf021f29455b9d6d7f30684651c947c2a4efb2d25c899ba8aa0305b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cetes.com.ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Date: Mon, 08 May 2023 14:09:19 GMT
Last-Modified: Wed, 19 Apr 2023 07:29:25 GMT
ETag: "17e5cfaa9072d91:0"
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: max-age=28800, must-revalidate
Accept-Ranges: bytes
Content-Length: 6235

GET
H/1.1 200
OK commonSRI.js Show response
bulbankonline.bg/Scripts/ 143 KB
144 KB 239ms
49ms Script
application/javascript 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bulbankonline.bg/Scripts/commonSRI.js

Requested by

Host: cetes.com.ar
URL: https://cetes.com.ar/sms2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

f0e244f0836e23b516e7f411d8a1452b77279d450903ef1777a2082e963a5545

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cetes.com.ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Date: Mon, 08 May 2023 14:09:19 GMT
Last-Modified: Wed, 19 Apr 2023 08:16:03 GMT
ETag: "7461be2e9772d91:0"
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: max-age=28800, must-revalidate
Accept-Ranges: bytes
Content-Length: 146481

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 32ms
15ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: cetes.com.ar
URL: https://cetes.com.ar/sms2.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cetes.com.ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 08 May 2023 14:09:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 586770
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gVdyTCnEeqdcIMq%2FPpdMDmv%2BCDoSPI%2F4vrsdOTSuN%2FZMWJxIRGNqF%2FUMVSo3KexVLVtrhLEYIAqMlyS%2BE1NPGHCFH%2BhszkzxsRzK8WpZKXHaOEG9ReOVbyOxGssK9cGAIXihu7T6aCiGKgjvsK5sZg%2Fz"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c4247a00b069061-FRA
expires: Sat, 27 Apr 2024 14:09:19 GMT

GET
H2 200 countdowntimer.min.css
cetes.com.ar/ 2 KB
2 KB 236ms
236ms Stylesheet
text/css 167.250.6.35
NUT HOST SRL

General

Check archive.org

Show headers Download Go to

Full URL: https://cetes.com.ar/countdowntimer.min.css
Requested by: Host: cetes.com.ar
URL: https://cetes.com.ar/sms2.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.250.6.35 , Argentina, ASN264649 (NUT HOST SRL, AR),
Reverse DNS: nc35.servidoraweb.net
Software: Apache /
Resource Hash: 76361053013359fd1cc1af62761a35d543b91eb477d4d01aad0e07ac56df9aeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cetes.com.ar/sms2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 08 May 2023 14:06:22 GMT
last-modified: Wed, 03 May 2023 11:25:33 GMT
server: Apache
accept-ranges: bytes
content-length: 1553
content-type: text/css

GET
H/1.1 200
OK unicredit-bulbank-logo.svg
bulbankonline.bg/Content/img/ 6 KB
7 KB 37ms
36ms Image
image/svg+xml 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bulbankonline.bg/Content/img/unicredit-bulbank-logo.svg

Requested by

Host: bulbankonline.bg
URL: https://bulbankonline.bg/Content/css/style.min.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

51441f51f8fb9a7a820cbd086c4b8ec1fedfca249e1f04c1661bc499d4ad2296

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bulbankonline.bg/Content/css/style.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Date: Mon, 08 May 2023 14:09:18 GMT
Last-Modified: Wed, 19 Apr 2023 07:29:19 GMT
ETag: "41d351a79072d91:0"
X-Frame-Options: sameorigin
Content-Type: image/svg+xml
Cache-Control: max-age=86400, must-revalidate
Accept-Ranges: bytes
Content-Length: 6337

GET
H/1.1 200
OK banner-cards.jpg
bulbankonline.bg/Content/img/ 30 KB
31 KB 36ms
35ms Image
image/jpeg 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bulbankonline.bg/Content/img/banner-cards.jpg

Requested by

Host: bulbankonline.bg
URL: https://bulbankonline.bg/Content/css/style.min.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

5395b148f06a7a578bd0fe96633ce4c4d3c36f5c6fda06e1962603df51ff6bba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bulbankonline.bg/Content/css/style.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Date: Mon, 08 May 2023 14:09:19 GMT
Last-Modified: Wed, 19 Apr 2023 07:29:18 GMT
ETag: "a1ad2ba79072d91:0"
X-Frame-Options: sameorigin
Content-Type: image/jpeg
Cache-Control: max-age=86400, must-revalidate
Accept-Ranges: bytes
Content-Length: 31047

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 24ms
13ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://cetes.com.ar
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 08 May 2023 14:09:19 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 336956
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=umwjRkizBUNFBFuQ%2FQTBx9%2B3hAEgPzoAIpQMjK0WIG233lrKFIcGB0NeMBZm9Uq0pd4syN0WIP5lFk0VFUKFsDtDI5qOM6UuA5vlHumhLi1NyTxRFrTBPH9%2F1t3gqpgHYVPNCZ8s%2BhmEI0TkO8lfnPQG"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c4247a2385fbbe5-FRA
expires: Sat, 27 Apr 2024 14:09:19 GMT

GET PT_Sans-Web-Regular.ttf
bulbankonline.bg/Content/fonts/PTSans/ 0
0

GET PT_Sans-Web-Bold.ttf
bulbankonline.bg/Content/fonts/PTSans/ 0
0

GET Material-Design-Iconic-Font.woff2
bulbankonline.bg/Content/icons/ 0
0

GET UniCredit%20CY-Bold.ttf
bulbankonline.bg/Content/fonts/UniCreditCY/ 0
0

GET
H2 404 app.js
cetes.com.ar/Scripts/ 0
0 239ms
237ms Script
text/html 167.250.6.35
NUT HOST SRL

General

Check archive.org

Show headers Download Go to

Full URL: https://cetes.com.ar/Scripts/app.js
Requested by: Host: bulbankonline.bg
URL: https://bulbankonline.bg/Scripts/libs/require.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.250.6.35 , Argentina, ASN264649 (NUT HOST SRL, AR),
Reverse DNS: nc35.servidoraweb.net
Software: Apache /
Resource Hash

Request headers

Referer: https://cetes.com.ar/sms2.html
Origin: https://cetes.com.ar
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 08 May 2023 14:06:22 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK common.js Show response
bulbankonline.bg/Scripts/ 0
627 B 46ms
45ms Script
application/javascript 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bulbankonline.bg/Scripts/common.js

Requested by

Host: bulbankonline.bg
URL: https://bulbankonline.bg/Scripts/libs/require.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security	max-age= 31999999; includeSubDomains
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cetes.com.ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com; connect-src 'self' https://localhost:53952/; frame-ancestors 'self';
Strict-Transport-Security: max-age= 31999999; includeSubDomains
Date: Mon, 08 May 2023 14:09:19 GMT
Last-Modified: Wed, 19 Apr 2023 08:16:03 GMT
ETag: "7461be2e9772d91:0"
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: max-age=28800, must-revalidate
Accept-Ranges: bytes
Content-Length: 0

GET
H2 404 common.js
cetes.com.ar/Scripts/ 0
0 238ms
238ms Script
text/html 167.250.6.35
NUT HOST SRL

General

Check archive.org

Show headers Download Go to

Full URL: https://cetes.com.ar/Scripts/common.js
Requested by: Host: bulbankonline.bg
URL: https://bulbankonline.bg/Scripts/libs/require.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.250.6.35 , Argentina, ASN264649 (NUT HOST SRL, AR),
Reverse DNS: nc35.servidoraweb.net
Software: Apache /
Resource Hash

Request headers

Referer: https://cetes.com.ar/sms2.html
Origin: https://cetes.com.ar
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 08 May 2023 14:06:22 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET Material-Design-Iconic-Font.woff
bulbankonline.bg/Content/icons/ 0
0

GET Material-Design-Iconic-Font.ttf
bulbankonline.bg/Content/icons/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bulbankonline.bg
URL: https://bulbankonline.bg/Content/fonts/PTSans/PT_Sans-Web-Regular.ttf

Domain: bulbankonline.bg
URL: https://bulbankonline.bg/Content/fonts/PTSans/PT_Sans-Web-Bold.ttf

Domain: bulbankonline.bg
URL: https://bulbankonline.bg/Content/icons/Material-Design-Iconic-Font.woff2?v=2.2.0

Domain: bulbankonline.bg
URL: https://bulbankonline.bg/Content/fonts/UniCreditCY/UniCredit%20CY-Bold.ttf

Domain: bulbankonline.bg
URL: https://bulbankonline.bg/Content/icons/Material-Design-Iconic-Font.woff?v=2.2.0

Domain: bulbankonline.bg
URL: https://bulbankonline.bg/Content/icons/Material-Design-Iconic-Font.ttf?v=2.2.0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Unicredit (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| requirejs function| require function| define

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

14 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://cetes.com.ar/sms2.html Message: Access to font at 'https://bulbankonline.bg/Content/icons/Material-Design-Iconic-Font.woff2?v=2.2.0' from origin 'https://cetes.com.ar' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bulbankonline.bg/Content/icons/Material-Design-Iconic-Font.woff2?v=2.2.0 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://cetes.com.ar/sms2.html Message: Access to font at 'https://bulbankonline.bg/Content/fonts/UniCreditCY/UniCredit%20CY-Bold.ttf' from origin 'https://cetes.com.ar' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bulbankonline.bg/Content/fonts/UniCreditCY/UniCredit%20CY-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://cetes.com.ar/sms2.html Message: Access to font at 'https://bulbankonline.bg/Content/fonts/PTSans/PT_Sans-Web-Regular.ttf' from origin 'https://cetes.com.ar' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bulbankonline.bg/Content/fonts/PTSans/PT_Sans-Web-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://cetes.com.ar/sms2.html Message: Access to font at 'https://bulbankonline.bg/Content/fonts/PTSans/PT_Sans-Web-Bold.ttf' from origin 'https://cetes.com.ar' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bulbankonline.bg/Content/fonts/PTSans/PT_Sans-Web-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://cetes.com.ar/Scripts/app.js Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://cetes.com.ar/sms2.html Message: Access to font at 'https://bulbankonline.bg/Content/icons/Material-Design-Iconic-Font.woff?v=2.2.0' from origin 'https://cetes.com.ar' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bulbankonline.bg/Content/icons/Material-Design-Iconic-Font.woff?v=2.2.0 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://cetes.com.ar/Scripts/common.js Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://cetes.com.ar/sms2.html Message: Access to font at 'https://bulbankonline.bg/Content/icons/Material-Design-Iconic-Font.ttf?v=2.2.0' from origin 'https://cetes.com.ar' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bulbankonline.bg/Content/icons/Material-Design-Iconic-Font.ttf?v=2.2.0 Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bulbankonline.bg
cdnjs.cloudflare.com
cetes.com.ar
bulbankonline.bg
167.250.6.35
195.68.201.32
2606:4700::6811:180e
4948c3fe4b57cd92118ec7b89deb99ff0eb2586a02c5f454df21c1ecfc144c81
51441f51f8fb9a7a820cbd086c4b8ec1fedfca249e1f04c1661bc499d4ad2296
5395b148f06a7a578bd0fe96633ce4c4d3c36f5c6fda06e1962603df51ff6bba
76361053013359fd1cc1af62761a35d543b91eb477d4d01aad0e07ac56df9aeb
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
9fbbf200dbf021f29455b9d6d7f30684651c947c2a4efb2d25c899ba8aa0305b
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
db40a2210136553a9e96cde3287b8ec66665393d7f82163b043cffa69b92ddba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0e244f0836e23b516e7f411d8a1452b77279d450903ef1777a2082e963a5545
fea1653a033fda5d2cf0649430658e10c35d605e25336d2a8ab52e370817d958

cetes.com.ar Open in urlscan Pro 167.250.6.35 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

68 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

411 kBTransfer

821 kBSize

0 Cookies

3 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

14 Console Messages

Indicators

cetes.com.ar Open in urlscan Pro
167.250.6.35 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

68 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

411 kB
Transfer

821 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!