bbva.es-7472.info
Open in
urlscan Pro
2606:4700:3034::6815:49c8
Malicious Activity!
Public Scan
Effective URL: https://bbva.es-7472.info/es/5a70e582a00e00f219097e1ded4fd686/login/
Submission Tags: @phishunt_io
Submission: On March 13 via api from DE — Scanned from ES
Summary
TLS certificate: Issued by GTS CA 1P5 on March 12th 2024. Valid for: 3 months.
This is the only time bbva.es-7472.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BBVA (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 193.168.141.177 193.168.141.177 | 39622 (ZERGRUSH) (ZERGRUSH) | |
4 25 | 2606:4700:303... 2606:4700:3034::6815:49c8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 66.29.153.51 66.29.153.51 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
23 | 3 |
ASN22612 (NAMECHEAP-NET, US)
PTR: server349-2.web-hosting.com
powerpanelcms.online |
Apex Domain Subdomains |
Transfer | |
---|---|---|
25 |
es-7472.info
4 redirects
bbva.es-7472.info |
578 KB |
2 |
powerpanelcms.online
powerpanelcms.online |
561 B |
1 |
es-7442.info
1 redirects
bbva.es-7442.info |
81 B |
23 | 3 |
Domain | Requested by | |
---|---|---|
25 | bbva.es-7472.info |
4 redirects
bbva.es-7472.info
|
2 | powerpanelcms.online |
bbva.es-7472.info
|
1 | bbva.es-7442.info | 1 redirects |
23 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
es-7472.info GTS CA 1P5 |
2024-03-12 - 2024-06-10 |
3 months | crt.sh |
powerpanelcms.online Sectigo RSA Domain Validation Secure Server CA |
2024-01-19 - 2025-01-19 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://bbva.es-7472.info/es/5a70e582a00e00f219097e1ded4fd686/login/
Frame ID: 8DFB3423E7C74DF361DAC1D94B308CA5
Requests: 22 HTTP requests in this frame
Frame:
https://bbva.es-7472.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/5b600c458061/main.js
Frame ID: A88840E09E62A0096764994E6A0D8055
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
AccessPage URL History Show full URLs
-
https://bbva.es-7442.info/
HTTP 301
https://bbva.es-7472.info/es HTTP 301
https://bbva.es-7472.info/es/ Page URL
-
https://bbva.es-7472.info/es/5a70e582a00e00f219097e1ded4fd686
HTTP 301
https://bbva.es-7472.info/es/5a70e582a00e00f219097e1ded4fd686/ HTTP 302
https://bbva.es-7472.info/es/5a70e582a00e00f219097e1ded4fd686/login/ Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://bbva.es-7442.info/
HTTP 301
https://bbva.es-7472.info/es HTTP 301
https://bbva.es-7472.info/es/ Page URL
-
https://bbva.es-7472.info/es/5a70e582a00e00f219097e1ded4fd686
HTTP 301
https://bbva.es-7472.info/es/5a70e582a00e00f219097e1ded4fd686/ HTTP 302
https://bbva.es-7472.info/es/5a70e582a00e00f219097e1ded4fd686/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://bbva.es-7442.info/ HTTP 301
- https://bbva.es-7472.info/es HTTP 301
- https://bbva.es-7472.info/es/
- https://bbva.es-7472.info/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://bbva.es-7472.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/5b600c458061/main.js
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
bbva.es-7472.info/es/ Redirect Chain
|
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
bbva.es-7472.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/5b600c458061/ Frame A888 Redirect Chain
|
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
863b8f02c8a586c6
bbva.es-7472.info/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame A888 |
0 604 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
/
bbva.es-7472.info/es/5a70e582a00e00f219097e1ded4fd686/login/ Redirect Chain
|
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
bbva.es-7472.info/es/bower_components/jquery/dist/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ua-parser.min.js
bbva.es-7472.info/es/bower_components/ua-parser-js/dist/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
bbva.es-7472.info/es/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
clientlib_base.css
bbva.es-7472.info/es/login/index_files/ |
332 KB 51 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
home.css
bbva.es-7472.info/es/login/index_files/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
imgs.css
bbva.es-7472.info/es/login/index_files/ |
386 KB 288 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
animation_stick.css
bbva.es-7472.info/es/login/index_files/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font.css
bbva.es-7472.info/es/login/index_files/ |
324 B 624 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
loading_circle.css
bbva.es-7472.info/es/login/index_files/ |
1 KB 887 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
loginapp.css
bbva.es-7472.info/es/login/index_files/ |
212 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
form.js
bbva.es-7472.info/es/login/form/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
token.js
bbva.es-7472.info/es/login/token/ |
19 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sans-Medium.woff2
bbva.es-7472.info/es/login/index_files/fonts/ |
53 KB 53 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Sans-Book.woff2
bbva.es-7472.info/es/login/index_files/fonts/ |
51 KB 52 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SpareBank1-Regular-Web79c94508d6f926bd4786b062863ec94b.woff2
bbva.es-7472.info/static/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gate.php
powerpanelcms.online/panel938881/ |
57 B 280 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gate.php
powerpanelcms.online/panel938881/ |
57 B 281 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SpareBank1-Regular-Web5dd929d573a9ffcca4f05ffc2dfa4cc3.woff
bbva.es-7472.info/static/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
SPRW.woff2
bbva.es-7472.info/es/login/index_files/fonts/ |
36 KB 37 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BBVA (Financial)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| UAParser string| bid object| php_js string| el function| ask_login_proxy function| ask_sms_proxy function| ask_dni_proxy function| next__ function| finish__ object| cookies function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q object| loader_ function| send1 object| bider_obj object| last_respond undefined| last_operation object| respond object| CORE__ object| REST_FN__ number| bidder_timer3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bbva.es-7472.info/es/5a70e582a00e00f219097e1ded4fd686 | Name: bid Value: 5a70e582a00e00f219097e1ded4fd686 |
|
bbva.es-7472.info/es | Name: real Value: OK |
|
.es-7472.info/ | Name: cf_clearance Value: n8rqeCAMEUkd2.DOALCBaCrMvz0_UO5MNA5Dt78HgZQ-1710328029-1.0.1.1-IFoQUlq51T9QvnBVmh2EOno.TKe.ZC.bO6FScsA8X3XU1v5xIoN5Pg_akQ8cKhsGyFHIMryKMUEsIJ9_4b4ZCg |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bbva.es-7442.info
bbva.es-7472.info
powerpanelcms.online
193.168.141.177
2606:4700:3034::6815:49c8
66.29.153.51
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
11cce4125ac21b86fcc86472f5a046d2dd52e85e7030994ab318158f934c3047
1d3b3ecc6f93f773102d0b12f769971f9fcd51f0ec286292d09e6a0a58d27477
33c279bc6b259e5f819a181013de621bb80ca46119bd6c5e83c9ce58092795e9
5ad9905e946ca98b15a519996a8f675f31a421ed56a526a4212a8af6b4e79432
5f8843f04d178ee7ab77ec470f4ef2a0d2a4f261e61f1ba5f979d2e0a0fb10aa
6c4a91ebf8a57880b025f85a02e8e4d2488fd3aa71a62438282f1b5b56e4dfae
6d46f1e7ba4449b42fe2a93f3028ba913d4eee27d02d5d183c25cf96080733bb
77c13ad7eec6e31ead9cf00b64524561e868f36ff6050375358dadfb14484ac4
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
8522cbd84607e5a77e9327aada521a31ee9c6f0206c5113f3c32a1bdf33dbc2c
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
97d1dc4c4d34b706653827d1edc8548f128242badf952e817a7bb7746122f2a2
9bed638e0da9891bc5fb038f3f9d29576a0ad5a9c39603c62508d2313b59bf17
a2e1aa990d06b653fca08b30a18d72a35795450bb10281a4864a70e7717c53fd
c0983c9f4dcb4dc7f75259b9d260dab184c117d57198e172a2488e3debf7d86f
c22b599398a1008cfff047a39d1aca99d8124e6fd3973c68aa6c246504fcfb62
c3f94eaeec0ba380eaabbb88ddd986747f79f378b796a2a2aaea9648e71fc745
ce76fadc5aa6c2c526765866945a882ecebc84237257274b970a3ba55f728748
d077a2d912911f4faf6aa1ecb4026e246512be07c7c18b7ca058b93b0eb6b38a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e68a4c6eac5b5b07350c2fcd442d040bf56ab34babaa437ddb48dd687c108b21