wsec19-bancogalicia.com
Open in
urlscan Pro
2606:4700:3034::ac43:b40b
Malicious Activity!
Public Scan
Submission: On February 19 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on February 16th 2023. Valid for: 3 months.
This is the only time wsec19-bancogalicia.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Galicia (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 2606:4700:303... 2606:4700:3034::ac43:b40b | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a04:4e42:200... 2a04:4e42:200::485 | 54113 (FASTLY) (FASTLY) | |
1 | 161.190.1.33 161.190.1.33 | 13474 (Banco de ...) (Banco de Galicia y Buenos Aires) | |
8 | 3 |
ASN13474 (Banco de Galicia y Buenos Aires, AR)
PTR: wsec06.bancogalicia.com.ar
wsec06.bancogalicia.com.ar |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
wsec19-bancogalicia.com
wsec19-bancogalicia.com |
171 KB |
1 |
bancogalicia.com.ar
wsec06.bancogalicia.com.ar |
3 KB |
1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 346 |
14 KB |
8 | 3 |
Domain | Requested by | |
---|---|---|
6 | wsec19-bancogalicia.com |
wsec19-bancogalicia.com
|
1 | wsec06.bancogalicia.com.ar |
wsec19-bancogalicia.com
|
1 | cdn.jsdelivr.net |
wsec19-bancogalicia.com
|
8 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.wsec19-bancogalicia.com GTS CA 1P5 |
2023-02-16 - 2023-05-17 |
3 months | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4 |
2022-12-23 - 2024-01-24 |
a year | crt.sh |
wsec06.bancogalicia.com.ar DigiCert SHA2 Extended Validation Server CA |
2022-03-15 - 2023-03-15 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://wsec19-bancogalicia.com/
Frame ID: 51452B06BA9D04952DE4FACC9ACC46A3
Requests: 8 HTTP requests in this frame
Screenshot
Page Title
Gaicia | loginDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
jsDelivr (CDN) Expand
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
wsec19-bancogalicia.com/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap-icons.css
cdn.jsdelivr.net/npm/bootstrap-icons@1.10.3/font/ |
93 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
wsec19-bancogalicia.com/main/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
wsec19-bancogalicia.com/main/ |
115 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-galicia-new.png
wsec19-bancogalicia.com/main/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-ob.png
wsec19-bancogalicia.com/main/ |
40 KB 41 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-banner-07.jpg
wsec19-bancogalicia.com/main/ |
101 KB 102 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
l-accesos.png
wsec06.bancogalicia.com.ar/images/commons/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Galicia (Banking)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| oncontentvisibilityautostatechange0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
wsec06.bancogalicia.com.ar
wsec19-bancogalicia.com
161.190.1.33
2606:4700:3034::ac43:b40b
2a04:4e42:200::485
06dafcc7c041da9c6a9465ae0481878aebd8bcbde25f1ed2ad601a14e07db4e5
23b83af9357e3c395d99276c28aa90784241ae2ec8d02718ac191546ab921453
284627306a3d1ac25a21fd5fa4ef02476311552117570c23ea2437535173c01c
31afa957108f620ee57fedf4b247b461f88e30f921b6a6216576b9f42d72fbad
8ba5487a3441be54f0d77878bdde04863c7918e7551eae45e7d4d039d701d313
c1ac115788f922e9bb68fc1e4710ed077bcae6e5014bc163c434b598e1e17ec9
cc844372a954fade66a2e83cffafce2cf4d4e5cb82b7f17e279dc88017c77088
e1172d3a0a208cf01dc066f0abeaf17f00264a966159a69f71947d6edcd4935f