frascneestingresospersonasempresas.net
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Submission: On March 14 via manual from ZA — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on March 10th 2023. Valid for: 3 months.
This is the only time frascneestingresospersonasempresas.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BBVA (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.109.75.39 104.109.75.39 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
10 | 3 |
ASN13335 (CLOUDFLARENET, US)
frascneestingresospersonasempresas.net |
ASN16625 (AKAMAI-AS, US)
PTR: a104-109-75-39.deploy.static.akamaitechnologies.com
www.bbva.com.ar |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
frascneestingresospersonasempresas.net
frascneestingresospersonasempresas.net |
76 KB |
1 |
bbva.com.ar
www.bbva.com.ar — Cisco Umbrella Rank: 488011 |
151 KB |
10 | 2 |
Domain | Requested by | |
---|---|---|
9 | frascneestingresospersonasempresas.net |
frascneestingresospersonasempresas.net
|
1 | www.bbva.com.ar |
frascneestingresospersonasempresas.net
|
10 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.frascneestingresospersonasempresas.net GTS CA 1P5 |
2023-03-10 - 2023-06-08 |
3 months | crt.sh |
bbva.com.ar DigiCert TLS RSA SHA256 2020 CA1 |
2022-05-09 - 2023-05-12 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://frascneestingresospersonasempresas.net/?id_JIBBRS=DR-478685
Frame ID: 70B21527941D74C209AD3DF6B6D63D34
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Inicio | HomeDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
frascneestingresospersonasempresas.net/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
frascneestingresospersonasempresas.net/files1/ |
216 KB 32 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
frascneestingresospersonasempresas.net/files1/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap-icons.css
frascneestingresospersonasempresas.net/files1/ |
93 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
identification.png
frascneestingresospersonasempresas.net/files1/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_bbva_blanco.svg
frascneestingresospersonasempresas.net/files1/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
frascneestingresospersonasempresas.net/files1/ |
79 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
183 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marquee-young-woman-smiling-with-lactop-at-cafe.im1574777727130im.jpg
www.bbva.com.ar/content/dam/public-web/argentina/photos/ |
150 KB 151 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap-icons.woff2
frascneestingresospersonasempresas.net/files1/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap-icons.woff
frascneestingresospersonasempresas.net/files1/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BBVA (Financial)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless number| uidEvent object| bootstrap object| seePassword0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
frascneestingresospersonasempresas.net
www.bbva.com.ar
104.109.75.39
2a06:98c1:3121::3
061f0b1ea79e6e2ca24f4603e55d3e909f7471ba0b279cdb6dea40554106c6a2
2a14672ea416c6c90a116bfb0beefec78eae5a98881acf696d144553da44a094
4110bfbebf5162bd8ce32b34a411c8c4ec827b0d65947993c25379646e5db120
932ea15108928991bcf0c0a46415fc652de5ffc0158c35205357b90c65eeb386
9a50136a82e60c31374c9e33aa75b51a291d26b5c0a4f118063b801ff11da9c0
c60a2bc3e536152769bb94a00833a840525897aa9248556a544ebfed3e01b72c
d8c89b0459ec4d6069037002ff5d824395ff37dbf866bc4298fce22d336b182a
e1172d3a0a208cf01dc066f0abeaf17f00264a966159a69f71947d6edcd4935f
ec7c21a9a4d67fd9fbca7c0781031a9b6dbca1229bd4d25c51966596f57a7aec