c1891690.ferozo.com
Open in
urlscan Pro
200.58.111.78
Malicious Activity!
Public Scan
Submission Tags: https://phish.report @phish_report Search All
Submission: On December 17 via api from FI — Scanned from FI
Summary
This is the only time c1891690.ferozo.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Santander (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 200.58.111.78 200.58.111.78 | 27823 (Dattatec.com) (Dattatec.com) | |
1 | 142.250.180.227 142.250.180.227 | 15169 (GOOGLE) (GOOGLE) | |
6 | 2 |
ASN27823 (Dattatec.com, AR)
PTR: c189.dattaweb.com
c1891690.ferozo.com |
ASN15169 (GOOGLE, US)
PTR: bud02s34-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
ferozo.com
c1891690.ferozo.com |
149 KB |
1 |
gstatic.com
fonts.gstatic.com |
39 KB |
6 | 2 |
Domain | Requested by | |
---|---|---|
5 | c1891690.ferozo.com |
c1891690.ferozo.com
|
1 | fonts.gstatic.com |
c1891690.ferozo.com
|
6 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.gstatic.com GTS CA 1C3 |
2022-11-28 - 2023-02-20 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://c1891690.ferozo.com/
Frame ID: 378473A4C6A947B7414D22E97E21F5B0
Requests: 6 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
c1891690.ferozo.com/ |
8 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
string.css
c1891690.ferozo.com/principal/css/ |
1 MB 121 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
toda.js
c1891690.ferozo.com/principal/js/ |
259 B 544 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
desktop-sr.svg
c1891690.ferozo.com/principal/images/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Ilustracion.svg
c1891690.ferozo.com/principal/images/ |
22 KB 22 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
fonts.gstatic.com/s/opensans/v27/ |
39 KB 39 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Santander (Banking)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| controltag0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
c1891690.ferozo.com
fonts.gstatic.com
142.250.180.227
200.58.111.78
39d713573f32f1b52ed897073193e7522bc98628265a87ab2ee49f6a1860e0f8
405f3392198ce4a77c2c729b4666731fa79641190d69cd9c742c3a9f3d9fe02e
68167598227a00a5a5c8ee96e827c57ac7180714676817c58ad7c0fa10d4fbb7
a3da2294bd217a525632719a16c187a10fc7a8bedf86fff611e52ca049b146cf
a83c3f260b750dfc47e4e5024eda4b4f80be0c0a3e0ae5111a3b0a799df64448
c9795c8390b656c79384cbf530bc39ca1929789a26e1b3a34ea206b1f3f5f65b