y-pfsrviclb.icu Open in urlscan Pro
104.251.111.203 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://y-pfsrviclb.icu/
Effective URL:
https://y-pfsrviclb.icu/
Submission Tags: @phish_report
Submission: On June 05 via api (June 5th 2024, 5:41:48 pm UTC) from FI — Scanned from CA

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 11 HTTP transactions. The main IP is 104.251.111.203, located in Toronto, Canada and belongs to ZAYO-6461, US. The main domain is y-pfsrviclb.icu.
TLS certificate: Issued by y-pfsrviclb.icu on May 28th 2024. Valid for: a year.

This is the only time y-pfsrviclb.icu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Ciudad (Banking)

Domain & IP information

	IP Address	AS Autonomous System
8	104.251.111.203 104.251.111.203	6461 (ZAYO-6461) (ZAYO-6461)
1	209.85.232.95 209.85.232.95	15169 (GOOGLE) (GOOGLE)
1	34.117.186.192 34.117.186.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	45.233.68.123 45.233.68.123	22798 (RED LINK ...) (RED LINK S.A.)
11	4

8 104.251.111.203 (Toronto, Canada)

ASN6461 (ZAYO-6461, US)
PTR: cp3.hostsilo.com

y-pfsrviclb.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.85.232.95 (United States)

ASN15169 (GOOGLE, US)
PTR: qt-in-f95.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.186.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.186.117.34.bc.googleusercontent.com

ipinfo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.233.68.123 (Argentina)

ASN22798 (RED LINK S.A., AR)
PTR: hbcustom.redlink.com.ar

hb.bancociudad.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	y-pfsrviclb.icu y-pfsrviclb.icu	356 KB
1	bancociudad.com.ar hb.bancociudad.com.ar	9 KB
1	ipinfo.io ipinfo.io — Cisco Umbrella Rank: 6589	604 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 461	31 KB
11	4

	Domain	Requested by
8	y-pfsrviclb.icu	y-pfsrviclb.icu
1	hb.bancociudad.com.ar
1	ipinfo.io	ajax.googleapis.com
1	ajax.googleapis.com	y-pfsrviclb.icu
11	4

This site contains no links.

Subject Issuer	Validity	Valid
y-pfsrviclb.icu y-pfsrviclb.icu	`2024-05-28` - `2025-05-28`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-05-13` - `2024-08-05`	3 months	crt.sh
ipinfo.io R3	`2024-06-03` - `2024-09-01`	3 months	crt.sh
hb.bancociudad.com.ar Sectigo RSA Extended Validation Secure Server CA	`2023-07-18` - `2024-08-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://y-pfsrviclb.icu/
Frame ID: C78A9EC6B8308F067CD6A16A23109EC1
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HomeB. Ciudad

Page URL History Show full URLs

http://y-pfsrviclb.icu/ HTTP 307
https://y-pfsrviclb.icu/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

27 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

397 kB
Transfer

667 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://y-pfsrviclb.icu/ HTTP 307
https://y-pfsrviclb.icu/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
y-pfsrviclb.icu/
Redirect Chain

http://y-pfsrviclb.icu/
https://y-pfsrviclb.icu/

14 KB
3 KB

92ms
28ms

Document
text/html

104.251.111.203
ZAYO-6461

General

Check archive.org

Show headers Download Go to

Full URL: https://y-pfsrviclb.icu/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.251.111.203 Toronto, Canada, ASN6461 (ZAYO-6461, US),
Reverse DNS: cp3.hostsilo.com
Software: LiteSpeed / PHP/7.4.33
Resource Hash: 3f8993b408a6d8f1c8f6ab11504540ee61eedf66908224c9e3d0bc22c98b03ee

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 05 Jun 2024 17:41:43 GMT
server: LiteSpeed
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

Redirect headers

Location: https://y-pfsrviclb.icu/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 135ms
43ms Script
text/javascript 209.85.232.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: y-pfsrviclb.icu
URL: https://y-pfsrviclb.icu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.232.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qt-in-f95.1e100.net

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://y-pfsrviclb.icu/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 23:48:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 150768
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Jun 2025 23:48:55 GMT

GET
H2 200 styles.c4bbbb8559e969311498.css
y-pfsrviclb.icu/cessna/ 235 KB
35 KB 37ms
36ms Stylesheet
text/css 104.251.111.203
ZAYO-6461

General

Check archive.org

Show headers Download Go to

Full URL: https://y-pfsrviclb.icu/cessna/styles.c4bbbb8559e969311498.css
Requested by: Host: y-pfsrviclb.icu
URL: https://y-pfsrviclb.icu/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.251.111.203 Toronto, Canada, ASN6461 (ZAYO-6461, US),
Reverse DNS: cp3.hostsilo.com
Software: LiteSpeed /
Resource Hash: 4980d222ff7d6039237c898a283341fbb613dc3258ffad9816890ffd0882c0f9

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://y-pfsrviclb.icu/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 17:41:43 GMT
content-encoding: br
last-modified: Tue, 28 May 2024 19:36:39 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 35984
expires: Wed, 12 Jun 2024 17:41:43 GMT

GET
H2 200 ciudad.svg
y-pfsrviclb.icu/img/ 4 KB
2 KB 60ms
59ms Image
image/svg+xml 104.251.111.203
ZAYO-6461

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://y-pfsrviclb.icu/img/ciudad.svg
Requested by: Host: y-pfsrviclb.icu
URL: https://y-pfsrviclb.icu/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.251.111.203 Toronto, Canada, ASN6461 (ZAYO-6461, US),
Reverse DNS: cp3.hostsilo.com
Software: LiteSpeed /
Resource Hash: 69c24732e6b7afebfc32b64f5dc465aed7c1e5ae2083d8a4327931618f323f17

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://y-pfsrviclb.icu/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 17:41:43 GMT
content-encoding: br
last-modified: Tue, 28 May 2024 19:36:50 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1644
expires: Wed, 12 Jun 2024 17:41:43 GMT

GET
H2 200 icono-login.png
y-pfsrviclb.icu/img/ 6 KB
6 KB 60ms
60ms Image
image/png 104.251.111.203
ZAYO-6461

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://y-pfsrviclb.icu/img/icono-login.png
Requested by: Host: y-pfsrviclb.icu
URL: https://y-pfsrviclb.icu/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.251.111.203 Toronto, Canada, ASN6461 (ZAYO-6461, US),
Reverse DNS: cp3.hostsilo.com
Software: LiteSpeed /
Resource Hash: c0e6f30e7bbb291540bdc48ead3ce0c41a9c99cf813e521572225a46215e7931

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://y-pfsrviclb.icu/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 17:41:43 GMT
last-modified: Tue, 28 May 2024 19:36:50 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 6233
expires: Wed, 12 Jun 2024 17:41:43 GMT

GET
H2 200 sax.js Show response
y-pfsrviclb.icu/js/ 1 KB
616 B 19ms
19ms Script
application/javascript 104.251.111.203
ZAYO-6461

General

Check archive.org

Show headers Download Go to

Full URL: https://y-pfsrviclb.icu/js/sax.js
Requested by: Host: y-pfsrviclb.icu
URL: https://y-pfsrviclb.icu/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.251.111.203 Toronto, Canada, ASN6461 (ZAYO-6461, US),
Reverse DNS: cp3.hostsilo.com
Software: LiteSpeed /
Resource Hash: 9f01ec50946ed9e80533622f56f7e2ce2a890c9b0ef8dce7f46071ee0b588083

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://y-pfsrviclb.icu/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 17:41:43 GMT
content-encoding: br
last-modified: Tue, 28 May 2024 19:36:59 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 542
expires: Wed, 12 Jun 2024 17:41:43 GMT

GET
H2 200 / Show response
ipinfo.io/ 302 B
604 B 99ms
58ms XHR
application/json 34.117.186.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ipinfo.io/

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.117.186.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

192.186.117.34.bc.googleusercontent.com

Software

nginx/1.24.0 /

Resource Hash

01f11afbe9e0cd57c00b23d8c81e210bad8e12e0c20dee92ee1a6ef5db4a19c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://y-pfsrviclb.icu/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 17:41:43 GMT
via: 1.1 google
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.24.0
strict-transport-security: max-age=2592000; includeSubDomains
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 302
x-xss-protection: 1; mode=block

GET
H2 200 Roboto-Regular.73f0a88bbca1bec19fb1.woff2
y-pfsrviclb.icu/cessna/ 63 KB
63 KB 37ms
35ms Font
font/woff2 104.251.111.203
ZAYO-6461

General

Check archive.org

Show headers Download Go to

Full URL: https://y-pfsrviclb.icu/cessna/Roboto-Regular.73f0a88bbca1bec19fb1.woff2
Requested by: Host: y-pfsrviclb.icu
URL: https://y-pfsrviclb.icu/cessna/styles.c4bbbb8559e969311498.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.251.111.203 Toronto, Canada, ASN6461 (ZAYO-6461, US),
Reverse DNS: cp3.hostsilo.com
Software: LiteSpeed /
Resource Hash: 47107401d0adb375ab9aa167f9d62489a849d510e740a307b5a4db60e5db3562

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://y-pfsrviclb.icu/cessna/styles.c4bbbb8559e969311498.css
Origin: https://y-pfsrviclb.icu
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 17:41:43 GMT
last-modified: Tue, 28 May 2024 19:36:39 GMT
server: LiteSpeed
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 64632
expires: Wed, 12 Jun 2024 17:41:43 GMT

GET
H2 200 GuardianTextSans-Regular-App.2648b97ab884e20f4b2b.ttf
y-pfsrviclb.icu/cessna/ 123 KB
123 KB 50ms
48ms Font
font/ttf 104.251.111.203
ZAYO-6461

General

Check archive.org

Show headers Download Go to

Full URL: https://y-pfsrviclb.icu/cessna/GuardianTextSans-Regular-App.2648b97ab884e20f4b2b.ttf
Requested by: Host: y-pfsrviclb.icu
URL: https://y-pfsrviclb.icu/cessna/styles.c4bbbb8559e969311498.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.251.111.203 Toronto, Canada, ASN6461 (ZAYO-6461, US),
Reverse DNS: cp3.hostsilo.com
Software: LiteSpeed /
Resource Hash: 86b1cd99a0a57f6368efa18bcab21b075914c65ac5d43ce6affe97c22e0ffae1

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://y-pfsrviclb.icu/cessna/styles.c4bbbb8559e969311498.css
Origin: https://y-pfsrviclb.icu
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 17:41:43 GMT
last-modified: Tue, 28 May 2024 19:36:39 GMT
server: LiteSpeed
content-type: font/ttf
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 125948
expires: Wed, 12 Jun 2024 17:41:43 GMT

GET
H2 200 GuardianTextSans-Medium-App.aa2f0a6e826c5f02646a.ttf
y-pfsrviclb.icu/cessna/ 123 KB
123 KB 96ms
95ms Font
font/ttf 104.251.111.203
ZAYO-6461

General

Check archive.org

Show headers Download Go to

Full URL: https://y-pfsrviclb.icu/cessna/GuardianTextSans-Medium-App.aa2f0a6e826c5f02646a.ttf
Requested by: Host: y-pfsrviclb.icu
URL: https://y-pfsrviclb.icu/cessna/styles.c4bbbb8559e969311498.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.251.111.203 Toronto, Canada, ASN6461 (ZAYO-6461, US),
Reverse DNS: cp3.hostsilo.com
Software: LiteSpeed /
Resource Hash: d26dff6e5349c0c6952b8e98b9965215e2abb62bd908d12e8de74fc8a5eab3a8

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://y-pfsrviclb.icu/cessna/styles.c4bbbb8559e969311498.css
Origin: https://y-pfsrviclb.icu
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 17:41:43 GMT
last-modified: Tue, 28 May 2024 19:36:39 GMT
server: LiteSpeed
content-type: font/ttf
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 126028
expires: Wed, 12 Jun 2024 17:41:43 GMT

GET
H/1.1 200
OK favicon.png
hb.bancociudad.com.ar/assets/ 9 KB
9 KB 1087ms
204ms Other
image/png 45.233.68.123
RED LINK S.A.

General

Check archive.org

Show headers Download Go to

Full URL

https://hb.bancociudad.com.ar/assets/favicon.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

45.233.68.123 , Argentina, ASN22798 (RED LINK S.A., AR),

Reverse DNS

hbcustom.redlink.com.ar

Software

nginx /

Resource Hash

2bdf4ac46b037d1abce919e168a390a071fd0c32542b116cf6826ea26e6eab1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://y-pfsrviclb.icu/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 05 Jun 2024 17:41:44 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 30 May 2024 17:33:56 GMT
Server: nginx
ETag: "6658b884-22dd"
Content-Type: image/png
Cache-Control: max-age=2592000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8925
Expires: Fri, 05 Jul 2024 17:41:44 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Ciudad (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
hb.bancociudad.com.ar
ipinfo.io
y-pfsrviclb.icu
104.251.111.203
209.85.232.95
34.117.186.192
45.233.68.123
01f11afbe9e0cd57c00b23d8c81e210bad8e12e0c20dee92ee1a6ef5db4a19c6
2bdf4ac46b037d1abce919e168a390a071fd0c32542b116cf6826ea26e6eab1b
3f8993b408a6d8f1c8f6ab11504540ee61eedf66908224c9e3d0bc22c98b03ee
47107401d0adb375ab9aa167f9d62489a849d510e740a307b5a4db60e5db3562
4980d222ff7d6039237c898a283341fbb613dc3258ffad9816890ffd0882c0f9
69c24732e6b7afebfc32b64f5dc465aed7c1e5ae2083d8a4327931618f323f17
86b1cd99a0a57f6368efa18bcab21b075914c65ac5d43ce6affe97c22e0ffae1
9f01ec50946ed9e80533622f56f7e2ce2a890c9b0ef8dce7f46071ee0b588083
c0e6f30e7bbb291540bdc48ead3ce0c41a9c99cf813e521572225a46215e7931
d26dff6e5349c0c6952b8e98b9965215e2abb62bd908d12e8de74fc8a5eab3a8
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

y-pfsrviclb.icu Open in urlscan Pro 104.251.111.203 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

27 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

397 kBTransfer

667 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

y-pfsrviclb.icu Open in urlscan Pro
104.251.111.203 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

27 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

397 kB
Transfer

667 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!