grupohame.com Open in urlscan Pro
54.205.207.127 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://grupohame.com/fwc/
Submission Tags: @phish_report
Submission: On August 29 via api (August 29th 2023, 3:08:10 pm UTC) from FI — Scanned from FI

Summary HTTP 39 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 39 HTTP transactions. The main IP is 54.205.207.127, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is grupohame.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on August 25th 2023. Valid for: 3 months.

This is the only time grupohame.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
32	54.205.207.127 54.205.207.127	14618 (AMAZON-AES) (AMAZON-AES)
1	13.225.78.82 13.225.78.82	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	34.227.254.206 34.227.254.206	14618 (AMAZON-AES) (AMAZON-AES)
39	5

32 54.205.207.127 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-207-127.compute-1.amazonaws.com

grupohame.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.82 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-82.fra2.r.cloudfront.net

assets.queue-it.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.227.254.206 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-227-254-206.compute-1.amazonaws.com

logo.prismasystems.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	grupohame.com grupohame.com	3 MB
1	prismasystems.com.ar logo.prismasystems.com.ar	430 B
1	gstatic.com fonts.gstatic.com	48 KB
1	queue-it.net assets.queue-it.net — Cisco Umbrella Rank: 15311	1 KB
0	crazyegg.com Failed script.crazyegg.com Failed
39	5

	Domain	Requested by
32	grupohame.com	grupohame.com
1	logo.prismasystems.com.ar	grupohame.com
1	fonts.gstatic.com	grupohame.com
1	assets.queue-it.net	grupohame.com
0	script.crazyegg.com Failed	grupohame.com
39	5

This site contains no links.

Subject Issuer	Validity	Valid
grupohame.com ZeroSSL RSA Domain Secure Site CA	`2023-08-25` - `2023-11-23`	3 months	crt.sh
*.queue-it.net Amazon RSA 2048 M03	`2023-08-22` - `2024-09-19`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
logo.prismasystems.com.ar DigiCert TLS RSA SHA256 2020 CA1	`2022-10-19` - `2023-10-19`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://grupohame.com/fwc/
Frame ID: F9C43A815C88B425DE9A4752FF463474
Requests: 46 HTTP requests in this frame

Frame: https://logo.prismasystems.com.ar/db_carga5.php
Frame ID: F1515730B72346EE4A4AD3D1D892631E
Requests: 3 HTTP requests in this frame

Frame: https://grupohame.com/fwc/archivos/saved_resource.html
Frame ID: C33F865098551E123149F88AF5EB8368
Requests: 1 HTTP requests in this frame

Frame: https://grupohame.com/fwc/archivos/saved_resource(1).html
Frame ID: C40AD6111474AF5E19464FA874A744E8
Requests: 1 HTTP requests in this frame

Frame: https://grupohame.com/fwc/archivos/saved_resource(2).html
Frame ID: 8EFAB45E9CB499519D3FD91A70B4756E
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Banking Santander | Inicio de SesiónGroup 5Group 5Group 9 CopyGroup 9Bitmapdescargarcheck 1brands / amex@0.5xIconos_infoDB9B8FF2-FB33-48CD-A504-B1B7229EFF1E@0.5xbuscar-mobilebuscar06. system / SYS037 | tick in a circle Copy 8@3xArtboard 146CCFE5E-B818-4E04-9CAE-3A27EAC927D1@2xV2_Iconos topbarGroup 8Iconos_generalMesa de trabajo 1dadescargarIconos_generaladdVector Smart Object3Iconos_generaleliminareliminar02D170V2_Iconos topbarfiltrosflecha-rojaflecha-verdeIconos_icono02D170Icono_másIconos_Ilustras - Feedbacks desktop (1)B. Digital, Tech & Docs/e. Arrows/BE280-download | SYMBOLS, arrow, download, descargar, save, guardar, export, exportarIconos_generalleftB. Digital, Tech & Docs/d. Symbols/BD150-warning in a circle | SYMBOLS, alert, alerta, aviso, warning, peligro, danger, errorbrands / mcbrands / mcIc btn link btnB. Digital, Tech & Docs/d. Symbols/BD740-timeout | SYMBOLS, no more time, time out, timeout, tiempo agotado, expired session, sesión expiradaic-errorB. Digital, Tech & Docs/c. Documents/BC390-image unavailable | 🔍 DOCUMENTS, unavailable, missing, broken, not found, image, imagen, no disponible, rota, tachada, crossed, photo, picture, fotoB. Digital, Tech & Docs/c. Documents/BC390-image unavailable | 🔍 DOCUMENTS, unavailable, missing, broken, not found, image, imagen, no disponible, rota, tachada, crossed, photo, picture, foto02. chanels / CHAN001 | acceleratormobp_warningMoneyGroup 12notifiaciones-clearnotificaciones-fullB. Digital, Tech & Docs/a. Devices/BA200-tv | DEVICES, TV, Smart TV, Television, Televisión Copy@0.5xV2_Iconos topbarPesosB. Digital, Tech & Docs/a. Devices/BA200-tv | DEVICES, TV, Smart TV, Television, Televisión Copy 4@0.5xB. Digital, Tech & Docs/a. Devices/BA200-tv | DEVICES, TV, Smart TV, Television, Televisión Copy 2@0.5xpsMobile Top-upB. Digital, Tech & Docs/a. Devices/BA200-tv | DEVICES, TV, Smart TV, Television, Televisión Copy 4Asset 1Iconos_reversarrightCBDC86A1-0E3D-4F28-86F3-5CEA7EDD734B@0.5xB. Digital, Tech & Docs/a. Devices/BA200-tv | DEVICES, TV, Smart TV, Television, Televisión Copy 2@0.5xC19C20C4-09FB-481C-B81F-638CAA846A54@0.5xGroup 35Group 36Group 36notifiaciones-clearIlustras - Feedbacks desktop (1)srB. Digital, Tech & Docs/e. Arrows/BE280-download | SYMBOLS, arrow, download, descargar, save, guardar, export, exportarTarjetaIlustras - TarjetasUntitled-7tcB. Digital, Tech & Docs/a. Devices/BA200-tv | DEVICES, TV, Smart TV, Television, Televisión@0.5xIconos_triangle-upB. Digital, Tech & Docs/a. Devices/BA200-tv | DEVICES, TV, Smart TV, Television, Televisión Copy 4@0.5xupIcono_Icono_brands / visa@0.5xbrands / visa@0.5x01. banking / BAN001C | account Currencydescargarconsulta_aliasB. Digital, Tech & Docs/d. Symbols/BD160-help in a circle | SYMBOLS, question, help, ayuda, pregunta, ask, peticiónB. Digital, Tech & Docs/d. Symbols/BD160-help in a circle | SYMBOLS, question, help, ayuda, pregunta, ask, peticióninfoRotacion-izquierdaRotacion-derechaTablet-derechaTablet-izq

Page Statistics

39
Requests

90 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

3660 kB
Transfer

4752 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions
15 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
grupohame.com/fwc/ 1 MB
409 KB 626ms
193ms Document
text/html 54.205.207.127
AMAZON-AES

General

Domain/Path	Expires	Name / Value
.grupohame.com/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_-2D6_sn_9R20GS3JJOIABUMVDIPK7PDCV05M8S22
.grupohame.com/	1969-12-31 23:59:59	Name: rxVisitor Value: 1693321683472E49G9Q51QSKPIN4T3H4476BJA8KRFMSN
.grupohame.com/	1969-12-31 23:59:59	Name: dtLatC Value: 217
.grupohame.com/	1969-12-31 23:59:59	Name: dtSa Value: -
.grupohame.com/	1969-12-31 23:59:59	Name: cdContextId Value: 1
.grupohame.com/	1970-01-20 23:07:37	Name: bmuid Value: 1693321684095-61624322-0C27-4669-8723-E353C146B3CA
.grupohame.com/	1970-01-20 14:22:05	Name: cdSNum Value: 1693321685488-sjn0000615-7a2f1f11-213a-4f71-bbde-3e5c0b12f293
.grupohame.com/	1969-12-31 23:59:59	Name: rxvt Value: 1693323488130\|1693321683473
.grupohame.com/	1969-12-31 23:59:59	Name: dtPC Value: -6$121683467_774h-vRBPDSIWAKUKHSPHTAOUWCMHESCFUOMQL-0e0

Source	Level	URL Text
network	error	URL: https://grupohame.com/obp-webapp/angular/client/app/common/fonts2/Santander_Windows/Santander_Micro_Text/TTF/SantanderMicroText.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://grupohame.com/obp-webapp/angular/client/app/common/fonts2/Santander_Windows/Santander_Headline/TTF/SantanderHeadline-Regular.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

grupohame.com Open in urlscan Pro 54.205.207.127 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

39 Requests

90 %HTTPS

25 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

3660 kBTransfer

4752 kBSize

9 Cookies

0 Outgoing links

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 15 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

grupohame.com Open in urlscan Pro
54.205.207.127 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

90 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

3660 kB
Transfer

4752 kB
Size

9
Cookies

39 HTTP transactions
15 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!