lagacetaderecreo.com.ar Open in urlscan Pro
2800:6c0:2::92 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://t.co/UTUfJBPa77
Effective URL:
https://lagacetaderecreo.com.ar/home/an/no/
Submission: On September 01 via manual (September 1st 2023, 10:57:25 am UTC) from NO — Scanned from NO

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 2800:6c0:2::92, located in Rosario, Argentina and belongs to Dattatec.com, AR. The main domain is lagacetaderecreo.com.ar.
TLS certificate: Issued by R3 on July 11th 2023. Valid for: 3 months.

This is the only time lagacetaderecreo.com.ar was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SpareBank 1 (Banking) BankID (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 2	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1 1	2800:6c0:2::14 2800:6c0:2::14	27823 (Dattatec.com) (Dattatec.com)
6	2800:6c0:2::92 2800:6c0:2::92	27823 (Dattatec.com) (Dattatec.com)
7	3

2 104.244.42.133 (United States) 1 redirects

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2800:6c0:2::14 (Rosario, Argentina) 1 redirects

ASN27823 (Dattatec.com, AR)

mauan.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2800:6c0:2::92 (Rosario, Argentina)

ASN27823 (Dattatec.com, AR)

lagacetaderecreo.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	lagacetaderecreo.com.ar lagacetaderecreo.com.ar	29 KB
2	t.co 1 redirects t.co — Cisco Umbrella Rank: 577	966 B
1	mauan.com.ar 1 redirects mauan.com.ar	298 B
7	3

	Domain	Requested by
6	lagacetaderecreo.com.ar	t.co lagacetaderecreo.com.ar
2	t.co	1 redirects
1	mauan.com.ar	1 redirects
7	3

This site contains no links.

Subject Issuer	Validity	Valid
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.lagacetaderecreo.com.ar R3	`2023-07-11` - `2023-10-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://lagacetaderecreo.com.ar/home/an/no/
Frame ID: C416AA1C14D1BAB36BD7E4DF4B22A29A
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BankID

Page URL History Show full URLs

http://t.co/UTUfJBPa77 HTTP 301
https://t.co/UTUfJBPa77 Page URL
http://mauan.com.ar/home/ HTTP 302
https://lagacetaderecreo.com.ar/home/an/no/ Page URL

Page Statistics

7
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

30 kB
Transfer

104 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://t.co/UTUfJBPa77 HTTP 301
https://t.co/UTUfJBPa77 Page URL
http://mauan.com.ar/home/ HTTP 302
https://lagacetaderecreo.com.ar/home/an/no/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://t.co/UTUfJBPa77 HTTP 301
https://t.co/UTUfJBPa77

7 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

UTUfJBPa77
t.co/
Redirect Chain

http://t.co/UTUfJBPa77
https://t.co/UTUfJBPa77

270 B
619 B

330ms
185ms

Document
text/html

104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/UTUfJBPa77

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: no-NO,no;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 193
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Fri, 01 Sep 2023 10:57:15 GMT
expires: Fri, 01 Sep 2023 11:02:15 GMT
perf: 7626143928
referrer-policy: unsafe-url
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 059ee5b89e558a485a98999d7e068866f8358b88dad85d3d4693bce3069c1f1b
x-response-time: 119
x-transaction-id: 285f8e171bf13294
x-xss-protection: 0

Redirect headers

cache-control: no-cache, no-store, max-age=0
content-length: 0
date: Fri, 01 Sep 2023 10:57:15 GMT
location: https://t.co/UTUfJBPa77
perf: 7626143928
server: tsa_o
x-connection-hash: fd319cb765da97393f85b13b7752a01fd0582456a07685d2a9587b8fd7947472
x-response-time: 106
x-transaction-id: 4bb77889e132e6f6

GET
H2

200

Primary Request / Show response
lagacetaderecreo.com.ar/home/an/no/
Redirect Chain

http://mauan.com.ar/home/
https://lagacetaderecreo.com.ar/home/an/no/

21 KB
7 KB

1812ms
953ms

Document
text/html

2800:6c0:2::92
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: https://lagacetaderecreo.com.ar/home/an/no/
Requested by: Host: t.co
URL: https://t.co/UTUfJBPa77
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2800:6c0:2::92 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache / PHP/7.4.25
Resource Hash: e1ce7818d97d571ed987d134ac834805e244f3a486c5b0d2e49477e7dcbe7f72

Request headers

Referer: https://t.co/UTUfJBPa77
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: no-NO,no;q=0.9

Response headers

content-encoding: gzip
content-length: 6972
content-type: text/html; charset=UTF-8
date: Fri, 01 Sep 2023 10:57:19 GMT
server: Apache
vary: Accept-Encoding,User-Agent
x-powered-by: PHP/7.4.25

Redirect headers

Connection: Upgrade, Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Sep 2023 10:57:18 GMT
Keep-Alive: timeout=10, max=200
Location: https://lagacetaderecreo.com.ar/home/an/no/
Server: Apache
Upgrade: h2,h2c
X-Powered-By: PHP/7.0.33

GET
H2 200 common_auth.css
lagacetaderecreo.com.ar/home/an/no/index_fichiers/ 9 KB
2 KB 304ms
302ms Stylesheet
text/css 2800:6c0:2::92
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: https://lagacetaderecreo.com.ar/home/an/no/index_fichiers/common_auth.css
Requested by: Host: lagacetaderecreo.com.ar
URL: https://lagacetaderecreo.com.ar/home/an/no/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2800:6c0:2::92 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 5d4ff4117e8f7f9da541cba635327a05770499b79e51e32e679c2923a4bc27b2

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lagacetaderecreo.com.ar/home/an/no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 10:57:20 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 20:33:08 GMT
server: Apache
etag: "22d0-5fed1e8a06900-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 2186

GET
H2 200 bidm.css
lagacetaderecreo.com.ar/home/an/no/index_fichiers/ 42 KB
4 KB 305ms
304ms Stylesheet
text/css 2800:6c0:2::92
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: https://lagacetaderecreo.com.ar/home/an/no/index_fichiers/bidm.css
Requested by: Host: lagacetaderecreo.com.ar
URL: https://lagacetaderecreo.com.ar/home/an/no/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2800:6c0:2::92 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 31412635ed02fd2c9a9ac4c4d9093c0601a687cfe305aba0dea75c1943d7dd72

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lagacetaderecreo.com.ar/home/an/no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 10:57:20 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 20:33:08 GMT
server: Apache
etag: "a782-5fed1e8a06900-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 4392

GET
H2 200 3625.css
lagacetaderecreo.com.ar/home/an/no/index_fichiers/ 4 KB
994 B 301ms
300ms Stylesheet
text/css 2800:6c0:2::92
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: https://lagacetaderecreo.com.ar/home/an/no/index_fichiers/3625.css
Requested by: Host: lagacetaderecreo.com.ar
URL: https://lagacetaderecreo.com.ar/home/an/no/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2800:6c0:2::92 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 304c378b4700d25f783a2a7d6142c0b4d9dd9df890722064788eee96a12999d8

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lagacetaderecreo.com.ar/home/an/no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 10:57:20 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 20:33:08 GMT
server: Apache
etag: "f64-5fed1e8a06900-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 882

GET
H2 200 logo2.svg
lagacetaderecreo.com.ar/home/an/no/ 7 KB
3 KB 548ms
547ms Image
image/svg+xml 2800:6c0:2::92
Dattatec.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lagacetaderecreo.com.ar/home/an/no/logo2.svg
Requested by: Host: lagacetaderecreo.com.ar
URL: https://lagacetaderecreo.com.ar/home/an/no/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2800:6c0:2::92 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: e792466bba47dce696a3f4da1252de84b512fdf400eb613fd66798958a6ab491

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lagacetaderecreo.com.ar/home/an/no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 10:57:20 GMT
content-encoding: gzip
last-modified: Sat, 24 Jun 2023 21:59:58 GMT
server: Apache
etag: "1b7c-5fee73d021380-gzip"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2858

GET
H2 200 logo1.png
lagacetaderecreo.com.ar/home/an/no/index_fichiers/ 12 KB
12 KB 545ms
545ms Image
image/png 2800:6c0:2::92
Dattatec.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lagacetaderecreo.com.ar/home/an/no/index_fichiers/logo1.png
Requested by: Host: lagacetaderecreo.com.ar
URL: https://lagacetaderecreo.com.ar/home/an/no/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2800:6c0:2::92 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 7fbcb3628e9d79d89e9350ee5d075818cf0f6763d5fa8763ea78c13902d6691b

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lagacetaderecreo.com.ar/home/an/no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 10:57:20 GMT
last-modified: Fri, 23 Jun 2023 20:33:08 GMT
server: Apache
accept-ranges: bytes
etag: "2e84-5fed1e8a06900"
content-length: 11908
content-type: image/png

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f4eb244555324863a9067686a9e08c9bd7db827ed8dd9a0de8a3cdbc32b66437

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 240 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 254868d92f9456d518064051d29f9ff0532bf9a5da291b06f8accb0900e40072

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 172 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SpareBank 1 (Banking) BankID (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.t.co/	1970-01-20 23:56:20	Name: muc Value: 8622b505-fe22-4a4e-98bc-3963060f4fca

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://t.co/UTUfJBPa77 Message: Unrecognized Content-Security-Policy directive 'referrer'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lagacetaderecreo.com.ar
mauan.com.ar
t.co
104.244.42.133
2800:6c0:2::14
2800:6c0:2::92
254868d92f9456d518064051d29f9ff0532bf9a5da291b06f8accb0900e40072
304c378b4700d25f783a2a7d6142c0b4d9dd9df890722064788eee96a12999d8
31412635ed02fd2c9a9ac4c4d9093c0601a687cfe305aba0dea75c1943d7dd72
4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766
5d4ff4117e8f7f9da541cba635327a05770499b79e51e32e679c2923a4bc27b2
7fbcb3628e9d79d89e9350ee5d075818cf0f6763d5fa8763ea78c13902d6691b
e1ce7818d97d571ed987d134ac834805e244f3a486c5b0d2e49477e7dcbe7f72
e792466bba47dce696a3f4da1252de84b512fdf400eb613fd66798958a6ab491
f4eb244555324863a9067686a9e08c9bd7db827ed8dd9a0de8a3cdbc32b66437

lagacetaderecreo.com.ar Open in urlscan Pro 2800:6c0:2::92 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

7 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

30 kBTransfer

104 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

lagacetaderecreo.com.ar Open in urlscan Pro
2800:6c0:2::92 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

30 kB
Transfer

104 kB
Size

1
Cookies

7 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!