webscrab.com Open in urlscan Pro
160.153.0.70 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://webscrab.com/
Submission: On July 22 via automatic, source certstream-suspicious (July 22nd 2024, 6:49:02 am UTC) — Scanned from DE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 4 domains to perform 20 HTTP transactions. The main IP is 160.153.0.70, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is webscrab.com.
TLS certificate: Issued by WE1 on July 22nd 2024. Valid for: 3 months.

This is the only time webscrab.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nequi (Financial)

Domain & IP information

	IP Address	AS Autonomous System
16	160.153.0.70 160.153.0.70	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:81d::200a	15169 (GOOGLE) (GOOGLE)
1	34.117.59.81 34.117.59.81	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
20	6

16 160.153.0.70 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
PTR: 70.0.153.160.host.secureserver.net

webscrab.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.59.81 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 81.59.117.34.bc.googleusercontent.com

ipinfo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	webscrab.com webscrab.com	208 KB
2	gstatic.com www.gstatic.com fonts.gstatic.com	18 KB
1	ipinfo.io ipinfo.io — Cisco Umbrella Rank: 5710	395 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 641	31 KB
20	4

	Domain	Requested by
16	webscrab.com	webscrab.com
1	fonts.gstatic.com	webscrab.com
1	www.gstatic.com	webscrab.com
1	ipinfo.io	webscrab.com
1	ajax.googleapis.com	webscrab.com
20	5

This site contains no links.

Subject Issuer	Validity	Valid
webscrab.com WE1	`2024-07-22` - `2024-10-20`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
ipinfo.io R10	`2024-07-03` - `2024-10-01`	3 months	crt.sh
*.gstatic.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://webscrab.com/
Frame ID: F661E92C64F7990DB09D957454238281
Requests: 14 HTTP requests in this frame

Frame: https://webscrab.com/nequ/anchor.html
Frame ID: 76F327538403C242B2B211AA0FAC7ACC
Requests: 6 HTTP requests in this frame

Frame: https://webscrab.com/nequ/saved_resource.html
Frame ID: 5F688633A45B7DB1CA1A5A5B6F1C3349
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Recarga

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

<div[^>]+class="g-recaptcha"

Page Statistics

20
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

6
IPs

2
Countries

257 kB
Transfer

649 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
webscrab.com/ 13 KB
3 KB 95ms
38ms Document
text/html 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: bfc35b53da27d50496ce78734921e390e3cc8215a810520ecafb7a0f4cd6ff1c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

age: 1
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=31536000
cf-cache-status: HIT
cf-ray: 8a717cefbad94d9d-FRA
content-encoding: br
content-type: text/html
date: Mon, 22 Jul 2024 06:48:57 GMT
expires: Tue, 22 Jul 2025 06:48:57 GMT
last-modified: Wed, 12 Jun 2024 00:59:24 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 68ms
19ms Script
text/javascript 2a00:1450:4001:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: webscrab.com
URL: https://webscrab.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webscrab.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 16 Jul 2024 09:18:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 509429
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Jul 2025 09:18:28 GMT

GET
H2 200 bootstrap.min.css
webscrab.com/nequ/ 115 KB
19 KB 671ms
670ms Stylesheet
text/css 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/nequ/bootstrap.min.css
Requested by: Host: webscrab.com
URL: https://webscrab.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

Request headers

Referer: https://webscrab.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:58 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 Apr 2024 23:13:50 GMT
server: cloudflare
etag: W/"1521e7e-1ca39-615619bca4780-br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 8a717ceffb224d9d-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 22 Jul 2025 06:48:58 GMT

GET
H2 200 angular-tooltips.min.css
webscrab.com/nequ/ 4 KB
1 KB 646ms
646ms Stylesheet
text/css 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/nequ/angular-tooltips.min.css
Requested by: Host: webscrab.com
URL: https://webscrab.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: 5712dbc947ed72821980b91341b778f92645ef5bff76de7f5f15a786a792b74b

Request headers

Referer: https://webscrab.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:58 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 Apr 2024 23:13:50 GMT
server: cloudflare
etag: W/"1521e7c-1178-615619bca4780-br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 8a717ceffb254d9d-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 22 Jul 2025 06:48:58 GMT

GET
H2 200 animate.min.css
webscrab.com/nequ/ 57 KB
5 KB 201ms
201ms Stylesheet
text/css 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/nequ/animate.min.css
Requested by: Host: webscrab.com
URL: https://webscrab.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: 3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295

Request headers

Referer: https://webscrab.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 Apr 2024 23:13:50 GMT
server: cloudflare
etag: W/"1521e7d-e311-615619bca4780-br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 8a717ceffb274d9d-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 22 Jul 2025 06:48:57 GMT

GET
H2 200 main.css
webscrab.com/nequ/ 16 KB
4 KB 642ms
641ms Stylesheet
text/css 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/nequ/main.css
Requested by: Host: webscrab.com
URL: https://webscrab.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: 671ac49b2e56e8b7f0c344fc6cd5165a09317987308633398cd1efde676d83e0

Request headers

Referer: https://webscrab.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:58 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 Apr 2024 23:13:50 GMT
server: cloudflare
etag: W/"1521e80-414e-615619bca4780-br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 8a717ceffb2b4d9d-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 22 Jul 2025 06:48:58 GMT

GET
H2 200 nequi.svg
webscrab.com/nequ/ 3 KB
1 KB 210ms
210ms Image
image/svg+xml 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webscrab.com/nequ/nequi.svg
Requested by: Host: webscrab.com
URL: https://webscrab.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: e00039a29756a066522d5d10dde1ab1c9b429bd894c80920d04b7c2aaa00cb6a

Request headers

Referer: https://webscrab.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 Apr 2024 23:13:50 GMT
server: cloudflare
etag: W/"1521e82-b77-615619bca4780-br"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 8a717ceffb2d4d9d-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 22 Jul 2025 06:48:57 GMT

GET
H2 200 script.js Show response
webscrab.com/pse/ 1 KB
753 B 644ms
644ms Script
application/javascript 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/pse/script.js
Requested by: Host: webscrab.com
URL: https://webscrab.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: 15a631b0f36f9a96095048dd6cb784b28fd9283dd97871cac9ed5c1f7046fdd2

Request headers

Referer: https://webscrab.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:58 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 13 Jul 2024 02:04:30 GMT
server: cloudflare
etag: W/"1521e85-56a-61d176a970780-br"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8a717ceffb304d9d-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 22 Jul 2025 06:48:58 GMT

GET
H3 200 anchor.html Show response
webscrab.com/nequ/ Frame 76F3 9 KB
2 KB 640ms
640ms Document
text/html 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/nequ/anchor.html
Requested by: Host: webscrab.com
URL: https://webscrab.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: 96f0e45d470575d8c75074746efadc3656418f1fad680c7bfa6c9179933bd1e7

Request headers

Referer: https://webscrab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=31536000
cf-cache-status: HIT
cf-ray: 8a717cf09b2c974c-FRA
content-encoding: br
content-type: text/html
date: Mon, 22 Jul 2024 06:48:58 GMT
expires: Tue, 22 Jul 2025 06:48:58 GMT
last-modified: Fri, 05 Apr 2024 23:13:50 GMT
server: cloudflare
vary: Accept-Encoding

GET
H3 500 flecha.png
webscrab.com/images/ 899 B
899 B 685ms
684ms Image
text/html 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webscrab.com/images/flecha.png
Requested by: Host: webscrab.com
URL: https://webscrab.com/nequ/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: b8e5b459b6f27844e08ea1aa38133bd886f20f223af498ef490b203efa1346b8

Request headers

Referer: https://webscrab.com/nequ/main.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:58 GMT
cf-cache-status: MISS
server: cloudflare
cf-ray: 8a717cf43f61974c-FRA
alt-svc: h3=":443"; ma=86400
vary: Accept-Encoding
content-type: text/html; charset=iso-8859-1

GET
H3 200 Manrope-VariableFont_wght.ttf
webscrab.com/fonts/ 161 KB
66 KB 814ms
813ms Font
font/ttf 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/fonts/Manrope-VariableFont_wght.ttf
Requested by: Host: webscrab.com
URL: https://webscrab.com/nequ/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: 42814a407491bfe54e4bfbc51ff6500d39445e49cc3feedea984cb5a768b04aa

Request headers

Referer: https://webscrab.com/nequ/main.css
Origin: https://webscrab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:59 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 Apr 2024 23:13:50 GMT
server: cloudflare
etag: W/"1521e79-28448-615619bca4780-br"
vary: Accept-Encoding
content-type: font/ttf
cache-control: public, max-age=31536000
cf-ray: 8a717cf43f69974c-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 22 Jul 2025 06:48:58 GMT

GET
H3 200 AvenirNextLTPro-Medium.woff
webscrab.com/fonts/ 39 KB
39 KB 344ms
344ms Font
font/woff 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/fonts/AvenirNextLTPro-Medium.woff
Requested by: Host: webscrab.com
URL: https://webscrab.com/nequ/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: 51d8f18ada19b5e1a633aa192f5b0558135f0d491a91d80f558c9e14b717c41f

Request headers

Referer: https://webscrab.com/nequ/main.css
Origin: https://webscrab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:58 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Apr 2024 23:13:50 GMT
server: cloudflare
etag: W/"1521e75-9a90-615619bca4780-br"
vary: Accept-Encoding
content-type: font/woff
cache-control: public, max-age=31536000
cf-ray: 8a717cf43f6b974c-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 22 Jul 2025 06:48:58 GMT

GET
H3 200 AvenirNextLTPro-Regular.woff
webscrab.com/fonts/ 38 KB
38 KB 799ms
799ms Font
font/woff 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/fonts/AvenirNextLTPro-Regular.woff
Requested by: Host: webscrab.com
URL: https://webscrab.com/nequ/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: a824d133a8823d309f2f80f4ced4200adb33c3e446f5287a1f5ada5d8bd144ee

Request headers

Referer: https://webscrab.com/nequ/main.css
Origin: https://webscrab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:59 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Apr 2024 23:13:48 GMT
server: cloudflare
etag: W/"1521e78-96d8-615619babc300-br"
vary: Accept-Encoding
content-type: font/woff
cache-control: public, max-age=31536000
cf-ray: 8a717cf43f6d974c-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 22 Jul 2025 06:48:58 GMT

GET
H2 200 json Show response
ipinfo.io/ 289 B
395 B 191ms
139ms Fetch
application/json 34.117.59.81
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ipinfo.io/json

Requested by

Host: webscrab.com
URL: https://webscrab.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.117.59.81 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

81.59.117.34.bc.googleusercontent.com

Software

Resource Hash

4c0440ed23a262e60413ff00668dc260f240366ac5342949564bd66b2c60f1b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://webscrab.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:58 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 google
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 195

GET
H3 200 styles__ltr.css
webscrab.com/nequ/ Frame 76F3 55 KB
25 KB 663ms
663ms Stylesheet
text/css 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/nequ/styles__ltr.css
Requested by: Host: webscrab.com
URL: https://webscrab.com/nequ/anchor.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: 7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Request headers

Referer: https://webscrab.com/nequ/anchor.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:58 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 Apr 2024 23:13:50 GMT
server: cloudflare
etag: W/"1521e83-dc4e-615619bca4780-br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 8a717cf4afe7974c-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 22 Jul 2025 06:48:58 GMT

GET
H3 500 saved_resource.html Show response
webscrab.com/nequ/ Frame 5F68 899 B
1 KB 718ms
718ms Document
text/html 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/nequ/saved_resource.html
Requested by: Host: webscrab.com
URL: https://webscrab.com/nequ/anchor.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: 69ebe9ad1fd6333c37af98926600d4669272ea5d504d0f2597741d42cf9a2ce0

Request headers

Referer: https://webscrab.com/nequ/anchor.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
cf-ray: 8a717cf4afef974c-FRA
content-type: text/html; charset=iso-8859-1
date: Mon, 22 Jul 2024 06:48:59 GMT
server: cloudflare
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 76F3 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 76F3 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 76F3 2 KB
3 KB 82ms
19ms Image
image/png 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: webscrab.com
URL: https://webscrab.com/nequ/styles__ltr.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webscrab.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 16 Jul 2024 00:24:06 GMT
x-content-type-options: nosniff
age: 541493
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 23 Jul 2024 00:24:06 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 76F3 15 KB
16 KB 78ms
20ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: webscrab.com
URL: https://webscrab.com/nequ/anchor.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webscrab.com/
Origin: https://webscrab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 16 Jul 2024 03:11:04 GMT
x-content-type-options: nosniff
age: 531475
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Jul 2025 03:11:04 GMT

GET
H3 200 email-decode.min.js Show response
webscrab.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ Frame 5F68 1 KB
836 B 50ms
48ms Script
application/javascript 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://webscrab.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: webscrab.com
URL: https://webscrab.com/nequ/saved_resource.html

Protocol

Security

QUIC, , AES_128_GCM

Server

160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

70.0.153.160.host.secureserver.net

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://webscrab.com/nequ/saved_resource.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Jul 2024 17:12:08 GMT
server: cloudflare
etag: W/"6696a9e8-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 8a717cf93d09974c-FRA
expires: Wed, 24 Jul 2024 06:48:59 GMT

GET
H3 200 favicon.ico
webscrab.com/nequ/ 15 KB
2 KB 243ms
243ms Other
image/x-icon 160.153.0.70
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://webscrab.com/nequ/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 160.153.0.70 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS: 70.0.153.160.host.secureserver.net
Software: cloudflare /
Resource Hash: d382f60b677d398672670acf4210a046af9a16d22d9a8d668cfbd85d81b1c4cb

Request headers

Referer: https://webscrab.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 06:48:59 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 05 Apr 2024 23:13:50 GMT
server: cloudflare
etag: W/"1521e7f-3c2e-615619bca4780-br"
vary: Accept-Encoding
content-type: image/x-icon
cache-control: public, max-age=31536000
cf-ray: 8a717cf99d8e974c-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 22 Jul 2025 06:48:59 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nequi (Financial)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://webscrab.com/nequ/anchor.html Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network	error	URL: https://webscrab.com/images/flecha.png Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://webscrab.com/nequ/saved_resource.html Message: Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
fonts.gstatic.com
ipinfo.io
webscrab.com
www.gstatic.com
160.153.0.70
2a00:1450:4001:81c::2003
2a00:1450:4001:81d::200a
2a00:1450:4001:82b::2003
34.117.59.81
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
15a631b0f36f9a96095048dd6cb784b28fd9283dd97871cac9ed5c1f7046fdd2
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
42814a407491bfe54e4bfbc51ff6500d39445e49cc3feedea984cb5a768b04aa
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
4c0440ed23a262e60413ff00668dc260f240366ac5342949564bd66b2c60f1b1
51d8f18ada19b5e1a633aa192f5b0558135f0d491a91d80f558c9e14b717c41f
5712dbc947ed72821980b91341b778f92645ef5bff76de7f5f15a786a792b74b
671ac49b2e56e8b7f0c344fc6cd5165a09317987308633398cd1efde676d83e0
69ebe9ad1fd6333c37af98926600d4669272ea5d504d0f2597741d42cf9a2ce0
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
96f0e45d470575d8c75074746efadc3656418f1fad680c7bfa6c9179933bd1e7
a824d133a8823d309f2f80f4ced4200adb33c3e446f5287a1f5ada5d8bd144ee
b8e5b459b6f27844e08ea1aa38133bd886f20f223af498ef490b203efa1346b8
bfc35b53da27d50496ce78734921e390e3cc8215a810520ecafb7a0f4cd6ff1c
d382f60b677d398672670acf4210a046af9a16d22d9a8d668cfbd85d81b1c4cb
e00039a29756a066522d5d10dde1ab1c9b429bd894c80920d04b7c2aaa00cb6a
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

webscrab.com Open in urlscan Pro 160.153.0.70 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

60 %IPv6

4 Domains

5 Subdomains

6 IPs

2 Countries

257 kBTransfer

649 kBSize

0 Cookies

0 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

3 Console Messages

Indicators

webscrab.com Open in urlscan Pro
160.153.0.70 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

6
IPs

2
Countries

257 kB
Transfer

649 kB
Size

0
Cookies

20 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!