belsugromanesc.ro
185.146.87.35
Malicious Activity!
Public Scan
Effective URL: https://belsugromanesc.ro/.well-known/acme-challenge/banco/6e59b6085c1cd4ec4b18b99de014e2e6/
Submission: On June 21 via automatic, source phishtank
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on June 6th 2019. Valid for: 3 months.
This is the only time belsugromanesc.ro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco de la Provincia de Buenos Aires (Banking)
Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 17 (2 redirects) | 185.146.87.35 | 5588 (GTSCE GTS Central Europe / Antel Germany) |
| 1 | 2606:4700::6813:c397 | 13335 (CLOUDFLARENET - Cloudflare) |
| 1 | 200.41.238.28 | 10834 (Telefonica de Argentina) |
| 2 | 2606:4700::6813:c597 | 13335 (CLOUDFLARENET - Cloudflare) |
| 19 | 4 | |
- ASN5588 (GTSCE GTS Central Europe / Antel Germany, CZ), PTR: cw185-adf-hg35.romania-webhosting.com: belsugromanesc.ro
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): cdnjs.cloudflare.com
- ASN10834 (Telefonica de Argentina, AR): www.bancoprovincia.com.ar
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): cdnjs.cloudflare.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 17 | belsugromanesc.ro | belsugromanesc.ro (2 redirects) | 580 KB |
| 3 | cloudflare.com | cdnjs.cloudflare.com | 158 KB |
| 1 | bancoprovincia.com.ar | www.bancoprovincia.com.ar | 11 KB |
| 19 | 3 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 17 | belsugromanesc.ro (2 redirects) | belsugromanesc.ro |
| 3 | cdnjs.cloudflare.com | belsugromanesc.ro |
| 1 | www.bancoprovincia.com.ar | belsugromanesc.ro |
| 19 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.bancoprovincia.com.ar |
bee.redlink.com.ar |
www.facebook.com |
twitter.com |
www.instagram.com |
www.bcra.gob.ar |
consumidor.gob.ar |
www.jus.gob.ar |
accesible.bancoprovincia.bancainternet.com.ar |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| mouserent.ro | Let's Encrypt Authority X3 | 2019-06-06 - 2019-09-04 | 3 months | crt.sh |
| ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-03-02 - 2019-09-08 | 6 months | crt.sh |
| www.bancoprovincia.com.ar | DigiCert SHA2 Secure Server CA | 2019-05-10 - 2021-05-10 | 2 years | crt.sh |
This page contains 1 frame:
Primary Page: https://belsugromanesc.ro/.well-known/acme-challenge/banco/6e59b6085c1cd4ec4b18b99de014e2e6/
Frame ID: FAC85E647FCFCB38240AAF538F1919D5
Requests: 19 HTTP requests in this frame
Screenshot
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://belsugromanesc.ro/.well-known/acme-challenge/banco/ (HTTP 302)
- https://belsugromanesc.ro/.well-known/acme-challenge/banco/6e59b6085c1cd4ec4b18b99de014e2e6 (HTTP 301)
- https://belsugromanesc.ro/.well-known/acme-challenge/banco/6e59b6085c1cd4ec4b18b99de014e2e6/ (Page URL)
Detected technologies
- Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
28 Outgoing links
These are links going to different origins than the main page.
- ¿Dificultades para ingresar?
- Recomendaciones de Seguridad
- PREGUNTAS FRECUENTES BIP EMPRESAS
- BIP TOKEN
- MANUAL EN LÍNEA
- BANCOEMPRE@
- Centro de Ayuda 0810-222-2776
- Sucursales y Cajeros
- Información al Usuario Financiero
- Compras y licitaciones
- Feriados Locales
- Información Útil
- (no title)
- (no title)
- (no title)
- Gobierno Institucional
- Atención al Usuario de Servicios Financieros
- Régimen de Transparencia del BCRA
- Portal del Cliente Bancario
- PEPs y Sujetos Obligados
- Defensa al Consumidor
- Protección de Datos Personales
- Centro de Seguridad
- Términos y Condiciones
- Oportunidades inmobiliarias
- Asesoramiento sobre deudas con atraso
- Modo Accesible
- (no title)
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request, Redirect Chain) | belsugromanesc.ro/.well-known/acme-challenge/banco/6e59b6085c1cd4ec4b18b99de014e2e6/ | 13 KB | 4 KB | Document | text/html |
| GET | H2 | style.css | belsugromanesc.ro/.well-known/acme-challenge/banco/6e59b6085c1cd4ec4b18b99de014e2e6/style/ | 22 KB | 6 KB | Stylesheet | text/css |
| GET | H2 | logo.jpg | belsugromanesc.ro/.well-known/acme-challenge/banco/6e59b6085c1cd4ec4b18b99de014e2e6/imgs/ | 4 KB | 4 KB | Image | image/jpeg |
| GET | H2 | all.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/css/ | 67 KB | 12 KB | Stylesheet | text/css |
| GET | H2 | iconoTeclado.png | belsugromanesc.ro/eBanking/images/IN/login/ | 37 KB | 37 KB | Image | text/html |
| GET | H2 | bullet_error.png | belsugromanesc.ro/eBanking/images/IN/login/ | 37 KB | 37 KB | Image | text/html |
| GET | H/1.1 | imagen_bcra_usuariosfinancieros | www.bancoprovincia.com.ar/CDN/Get/ | 11 KB | 11 KB | Image | image/jpeg |
| GET | H2 | left-top.gif | belsugromanesc.ro/eBanking/images/alphacube/ | 37 KB | 37 KB | Image | text/html |
| GET | H2 | top-middle.gif | belsugromanesc.ro/eBanking/images/alphacube/ | 37 KB | 37 KB | Image | text/html |
| GET | H2 | right-top.gif | belsugromanesc.ro/eBanking/images/alphacube/ | 37 KB | 37 KB | Image | text/html |
| GET | H2 | frame-left.gif | belsugromanesc.ro/eBanking/images/alphacube/ | 37 KB | 37 KB | Image | text/html |
| GET | H2 | progress.gif | belsugromanesc.ro/eBanking/images/alert/ | 37 KB | 37 KB | Image | text/html |
| GET | H2 | frame-right.gif | belsugromanesc.ro/eBanking/images/alphacube/ | 37 KB | 37 KB | Image | text/html |
| GET | H2 | bottom-left-c.gif | belsugromanesc.ro/eBanking/images/alphacube/ | 37 KB | 37 KB | Image | text/html |
| GET | H2 | bottom-middle.gif | belsugromanesc.ro/eBanking/images/alphacube/ | 37 KB | 37 KB | Image | text/html |
| GET | H2 | bottom-right-c.gif | belsugromanesc.ro/eBanking/images/alphacube/ | 37 KB | 37 KB | Image | text/html |
| GET | H2 | fa-solid-900.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/webfonts/ | 73 KB | 73 KB | Font | application/octet-stream |
| GET | H2 | background.jpeg | belsugromanesc.ro/.well-known/acme-challenge/banco/6e59b6085c1cd4ec4b18b99de014e2e6/imgs/ | 159 KB | 160 KB | Image | image/jpeg |
| GET | H2 | fa-brands-400.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/webfonts/ | 73 KB | 73 KB | Font | application/octet-stream |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Banco de la Provincia de Buenos Aires (Banking)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | onselectstart |
| object | onselectionchange |
| function | queueMicrotask |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.