talaveradelaluz.com
Open in
urlscan Pro
148.243.225.42
Malicious Activity!
Public Scan
Submitted URL: http://talaveradelaluz.com/sites/default/files/plugins/home.html#024218.shtml-%20Q!kIQp4wzy6#hKIr6o1Fm2eMLRRZGbCd7xGJEa6FK-...
Effective URL: http://talaveradelaluz.com/sites/default/files/plugins/home.html
Submission: On August 26 via manual from BR
Effective URL: http://talaveradelaluz.com/sites/default/files/plugins/home.html
Submission: On August 26 via manual from BR
Summary
This website contacted 3 IPs
in 3 countries
across 3 domains to perform 20 HTTP transactions.
The main IP is 148.243.225.42, located in
Mexico, Mexico and
belongs to Axtel, S.A.B. de C.V., MX.
The main domain is talaveradelaluz.com.
This is the only time talaveradelaluz.com was scanned on urlscan.io!
This is the only time talaveradelaluz.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Itau (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 18 | 148.243.225.42 148.243.225.42 | 6503 (Axtel) (Axtel) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:820::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 1 | 104.20.13.105 104.20.13.105 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 20 | 3 |
18
148.243.225.42
(Mexico, Mexico)
ASN6503 (Axtel, S.A.B. de C.V., MX)
PTR: na-148-243-225-42.static.avantel.net.mx
ASN6503 (Axtel, S.A.B. de C.V., MX)
PTR: na-148-243-225-42.static.avantel.net.mx
| talaveradelaluz.com |
1
104.20.13.105
(San Francisco, United States)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| image.prntscr.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 18 |
talaveradelaluz.com
talaveradelaluz.com |
207 KB |
| 1 |
prntscr.com
image.prntscr.com |
2 KB |
| 1 |
googleapis.com
ajax.googleapis.com |
33 KB |
| 20 | 3 |
| Domain | Requested by | |
|---|---|---|
| 18 | talaveradelaluz.com |
talaveradelaluz.com
ajax.googleapis.com |
| 1 | image.prntscr.com |
talaveradelaluz.com
|
| 1 | ajax.googleapis.com |
talaveradelaluz.com
|
| 20 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| ssl366238.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2018-07-09 - 2019-01-15 |
6 months | crt.sh |
This page contains 8 frames:
Primary Page:
http://talaveradelaluz.com/sites/default/files/plugins/home.html
Frame ID: 42F61FAE3D7BF44C1712D835CC0E808C
Requests: 1 HTTP requests in this frame
Frame:
http://talaveradelaluz.com/sites/default/files/plugins/ZUMBILANDIA1.html
Frame ID: 2BCE63FC1764FC9E0AA23F51DAAEA95A
Requests: 1 HTTP requests in this frame
Frame:
http://talaveradelaluz.com/sites/default/files/plugins/ZUMBILANDIA2.html
Frame ID: 0A53764A5BC9BA73152626E643305891
Requests: 1 HTTP requests in this frame
Frame:
http://talaveradelaluz.com/sites/default/files/plugins/ZUMBILANDIA3.html
Frame ID: 495FBB33F76E67A36215652F22982099
Requests: 1 HTTP requests in this frame
Frame:
http://talaveradelaluz.com/sites/default/files/plugins/ZUMBILANDIA4.html
Frame ID: 0C3197416487BCB31F52CC47A59DC88D
Requests: 1 HTTP requests in this frame
Frame:
http://talaveradelaluz.com/sites/default/files/plugins/ZUMBILANDIA5.html
Frame ID: C6F6BB44FEC154766400D786C8B9FC56
Requests: 1 HTTP requests in this frame
Frame:
http://talaveradelaluz.com/sites/default/files/plugins/ZUMBILANDIA6.html
Frame ID: DE10291E854780E78337366BEB993A28
Requests: 1 HTTP requests in this frame
Frame:
http://talaveradelaluz.com/sites/default/files/plugins/Inicial.php
Frame ID: 8BCF31FA365B17E57A746C116017F86F
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
home.html
talaveradelaluz.com/sites/default/files/plugins/ |
697 B 1007 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ZUMBILANDIA1.html
talaveradelaluz.com/sites/default/files/plugins/ Frame 2BCE |
414 B 723 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ZUMBILANDIA2.html
talaveradelaluz.com/sites/default/files/plugins/ Frame 0A53 |
410 B 719 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ZUMBILANDIA3.html
talaveradelaluz.com/sites/default/files/plugins/ Frame 495F |
410 B 719 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ZUMBILANDIA4.html
talaveradelaluz.com/sites/default/files/plugins/ Frame 0C31 |
410 B 719 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ZUMBILANDIA5.html
talaveradelaluz.com/sites/default/files/plugins/ Frame C6F6 |
410 B 719 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ZUMBILANDIA6.html
talaveradelaluz.com/sites/default/files/plugins/ Frame DE10 |
404 B 713 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
 Cookie set
Inicial.php
talaveradelaluz.com/sites/default/files/plugins/ Frame 8BCF |
1 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
principal.css
talaveradelaluz.com/sites/default/files/plugins/Style/ Frame 8BCF |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.1/ Frame 8BCF |
94 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
function.js
talaveradelaluz.com/sites/default/files/plugins/ Frame 8BCF |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
CVto83H9Qka_tECojCt5yw.png
image.prntscr.com/image/ Frame 8BCF |
1 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Doodle_Transferencia_22_05_2017.jpg
talaveradelaluz.com/sites/default/files/plugins/ Frame 8BCF |
175 KB 176 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Inicial.php
talaveradelaluz.com/sites/default/files/plugins/ Frame 8BCF |
1 KB 2 KB |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fundo.png
talaveradelaluz.com/sites/default/files/plugins/pics/ Frame 8BCF |
189 B 482 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fundobotao.png
talaveradelaluz.com/sites/default/files/plugins/pics/ Frame 8BCF |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
img1.png
talaveradelaluz.com/sites/default/files/plugins/pics/ Frame 8BCF |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
Cookie set
processa.php
talaveradelaluz.com/sites/default/files/plugins/ Frame 8BCF |
124 B 559 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
undefined
talaveradelaluz.com/sites/default/files/plugins/Style/ Frame 8BCF |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
processa.php
talaveradelaluz.com/sites/default/files/plugins/ Frame 8BCF |
124 B 501 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Itau (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| titulo0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
image.prntscr.com
talaveradelaluz.com
104.20.13.105
148.243.225.42
2a00:1450:4001:820::200a
08dc3311968394f1901452a2e9fda7839d8fa9aa9880d43a913bc22ad4281421
4885099e0b16395ee738d9939f9c8a3d1b931ff5e45ebf3d1660563a82d0bbb5
49c90b894e14f638503f5db315dd197389a12c07b5c6ed8349ee0c9a39d5c66a
4eb5c459efc4fca62a756244c3d3395c762f44ca7cb57f1ee27967969312230b
53afe287dc5ec8360b44d40877120db94e0e8eaf6463f38a0512f2ac343f1606
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
545f6481d3bfd287947e97ff540d885b46c540c04d83cb83d32be52b69af36c6
67222bf8c32a049667c93e8cfc74fcb4958cfce69fe27923167f8e9a0e074e24
773ec4d7d461d13f66140332602cc95ec00670e626bcda4573e973107e18c1eb
778bb645a5e70f95733a5073f1b518e4028d9205c5a9b3e2e37655a52294ed20
77a235b669f86c00bd91b4eb21350d291a1958234fba88654251928139023b63
b3589117c37420c748ce393268ce98b2d9e771b3b11d9fd76d505c69c524a1d8
d22745f6cc96c56605136928e54b6c837ce37ee7be030dc1f9d659287470252e
eb524829205f606db669c7b5235b8c4534df7a3b9ccb49d6a4a8f07157083a69
f45db1771813ae0f9e9117e8b578a0c1f068b81e4799a4cfb1f0a5101cba7854
f590dd6e957065e6ec763bfc1c431d873e400bacac23d85992627f7cfc6b0b64
ff966a5df8cf77d223342180d2971e3d7c5b89f12d1fcf2463c1f7b9a19aab35