138.68.82.121
Malicious Activity!
Public Scan
Effective URL: http://138.68.82.121/BB-vo/
Submission: On April 26 via manual from US
Summary
This is the only time 138.68.82.121 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BBVA (Financial)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
1 | 104.244.42.197 | 13414 (TWITTER - Twitter Inc.) |
1 | 185.2.4.138 | 203461 (REGISTER_UK-AS) |
8 | 138.68.82.121 | 14061 (DIGITALOCEAN-ASN - DigitalOcean) |
1 | 103.136.42.75 | 49981 (WORLDSTREAM) |
Total: 11 requests to 4 IP addresses.
ASN | PTR | Host |
---|---|---|
ASN203461 (REGISTER_UK-AS, GB) | lhcp1138.webapps.net | www.bergamoartefiera.it |
ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US) | smtp.newamesssgfre.com | 138.68.82.121 |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
1 | onlinewebfonts.com | db.onlinewebfonts.com | 864 B |
1 | bergamoartefiera.it | www.bergamoartefiera.it | 395 B |
1 | t.co | t.co | 514 B |
Total: 11 requests, 3 domains.
Requests | Domain | Requested by |
---|---|---|
1 | db.onlinewebfonts.com | 138.68.82.121 |
1 | www.bergamoartefiera.it | t.co |
1 | t.co | |
Total: 11 requests, 3 domains.
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
t.co | DigiCert SHA2 High Assurance Server CA | 2019-03-07 - 2020-03-07 | a year | crt.sh |
bergamoartefiera.it | Let's Encrypt Authority X3 | 2019-03-19 - 2019-06-17 | 3 months | crt.sh |
This page contains 1 frame:
- Primary Page: http://138.68.82.121/BB-vo/
- Frame ID: 862D1017EAD551A2782BD73FEBD0C0D5
- Requests: 11 HTTP requests in this frame
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns:
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.co/I3lxL0SXaH Page URL
- https://www.bergamoartefiera.it/orng.php Page URL
- http://138.68.82.121/BB-vo/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method / Protocol | Resource Path | Size / x-fer | Type / MIME-Type |
---|---|---|---|
GET H2 | t.co/I3lxL0SXaH | 275 B / 514 B | Document, text/html |
GET H/1.1 | www.bergamoartefiera.it/orng.php | 89 B / 395 B | Document, text/html |
GET H/1.1 | 138.68.82.121/BB-vo/ (Primary Request) | 5 KB / 2 KB | Document, text/html |
GET H/1.1 | 138.68.82.121/BB-vo/css/styles.css | 19 KB / 4 KB | Stylesheet, text/css |
GET H/1.1 | db.onlinewebfonts.com/c/fb7b81980a1af21f4da78e4a1165607d | 1 KB / 864 B | Stylesheet, text/css |
GET H/1.1 | 138.68.82.121/BB-vo/js/jquery-1.11.1.min.js | 94 KB / 33 KB | Script, application/javascript |
GET H/1.1 | 138.68.82.121/BB-vo/js/engine.js | 1 KB / 749 B | Script, application/javascript |
GET H/1.1 | 138.68.82.121/BB-vo/css/img/background.png | 53 KB / 53 KB | Image, image/png |
GET H/1.1 | 138.68.82.121/BB-vo/css/img/logo@2x.png | 18 KB / 18 KB | Image, image/png |
GET H/1.1 | 138.68.82.121/BB-vo/css/fonts/Aller/Aller.woff2 | 33 KB / 33 KB | Font, application/octet-stream |
GET H/1.1 | 138.68.82.121/BB-vo/css/fonts/Aller/Aller-Bold.woff2 | 31 KB / 32 KB | Font, application/octet-stream |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BBVA (Financial)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Variable |
---|---|
object | onselectstart |
object | onselectionchange |
function | queueMicrotask |
function | $ |
function | jQuery |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=0 |
X-Xss-Protection | 1; mode=block; report=https://twitter.com/i/xss_report |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
db.onlinewebfonts.com
t.co
www.bergamoartefiera.it
103.136.42.75
104.244.42.197
138.68.82.121
185.2.4.138