![](/screenshots/a40b0915-a5a1-4209-9d6a-b6d97bc01f59.png)
banc0bpm.com
172.67.159.23
Malicious Activity!
Public Scan
Effective URL: https://banc0bpm.com/home.php?verify=W6CEO9D2W6CE-CX79-W6CECX79CX79-F4Q9CX79&identifyData=4pv10vh00heggg8pt5qhd7563l&...
Submission: On June 06 via manual from DE — Scanned from IT
Summary
TLS certificate: Issued by E1 on June 4th 2024. Valid for: 3 months.
This is the only time banc0bpm.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco BPM S.p.A. (Banking)
Domain & IP information
IP / ASN

Requests | IP Address | AS Autonomous System
---|---|---
28 (2 redirects) | 172.67.159.23 | 13335 (CLOUDFLARENET)

Totals: 26 HTTP transactions, 1 IP address.

Apex Domains

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
28 (2 redirects) | banc0bpm.com | banc0bpm.com | 427 KB

Totals: 26 HTTP transactions, 1 apex domain.

Domains

Requests | Domain | Requested by
---|---|---
28 (2 redirects) | banc0bpm.com | banc0bpm.com

Totals: 26 HTTP transactions, 1 domain.
This site contains no links.
Subject | Issuer | Validity | Valid | Log
---|---|---|---|---
banc0bpm.com | E1 | 2024-06-04 - 2024-09-02 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://banc0bpm.com/home.php?verify=W6CEO9D2W6CE-CX79-W6CECX79CX79-F4Q9CX79&identifyData=4pv10vh00heggg8pt5qhd7563l&timeAttemp=c4ca4238a0b923820dcc509a6f75849b
Frame ID: C13BA001A9D8C1BB0C1365532ADE85D1
Requests: 26 HTTP requests in this frame
Page Title
YouWeb fullPage
Detected technologies
Detected patterns:
- \.php(?:$|\?)
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://banc0bpm.com/ (HTTP 307)
- https://banc0bpm.com/ (HTTP 302)
- https://banc0bpm.com/home.php?verify=TAD7SNDZTAD7-Y9BX-TAD7Y9BXY9BX-6WPNY9BX&identifyData=4pv10vh00heggg8pt5qhd7563l&timeAttemp=9bf31c7ff062936a96d3c8bd1f8f2ff3 (HTTP 307)
- http://banc0bpm.com/ (HTTP 307)
- https://banc0bpm.com/ (HTTP 302)
- https://banc0bpm.com/home.php?verify=W6CEO9D2W6CE-CX79-W6CECX79CX79-F4Q9CX79&identifyData=4pv10vh00heggg8pt5qhd7563l&timeAttemp=c4ca4238a0b923820dcc509a6f75849b (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H3 | home.php (Primary Request, Redirect Chain) | banc0bpm.com/ | 1 KB | 871 B | Document | text/html
GET | H3 | all.css | banc0bpm.com/public/styles/ | 12 KB | 3 KB | Stylesheet | text/css
GET | H3 | jquery.min.js | banc0bpm.com/public/javascripts/ | 87 KB | 31 KB | Script | application/javascript
GET | H3 | jquery.mask.js | banc0bpm.com/public/javascripts/ | 6 KB | 3 KB | Script | application/javascript
GET | H3 | extra.js | banc0bpm.com/public/javascripts/ | 105 KB | 38 KB | Script | application/javascript
GET | H3 | page-header.js | banc0bpm.com/public/javascripts/pages/components/ | 612 B | 741 B | Script | application/javascript
GET | H3 | page-footer.js | banc0bpm.com/public/javascripts/pages/components/ | 2 KB | 1 KB | Script | application/javascript
GET | H3 | phone.js | banc0bpm.com/public/javascripts/pages/ | 6 KB | 2 KB | Script | application/javascript
GET | H3 | logo.png | banc0bpm.com/public/images/ | 10 KB | 11 KB | Image | image/png
GET | H3 | left1.png | banc0bpm.com/public/images/ | 5 KB | 6 KB | Image | image/png
GET | H3 | left2.png | banc0bpm.com/public/images/ | 8 KB | 8 KB | Image | image/png
GET | H3 | left3.png | banc0bpm.com/public/images/ | 10 KB | 10 KB | Image | image/png
GET | H3 | icon_dest1.png | banc0bpm.com/public/images/ | 1 KB | 2 KB | Image | image/png
GET | H3 | icon_dest2.png | banc0bpm.com/public/images/ | 1 KB | 2 KB | Image | image/png
GET | H3 | icon_dest3.png | banc0bpm.com/public/images/ | 2 KB | 2 KB | Image | image/png
GET | H3 | icon_dest4.png | banc0bpm.com/public/images/ | 1 KB | 2 KB | Image | image/png
GET | H3 | logo-footer.png | banc0bpm.com/public/images/ | 20 KB | 21 KB | Image | image/png
GET | H3 | app1.png | banc0bpm.com/public/images/ | 1 KB | 2 KB | Image | image/png
GET | H3 | app2.png | banc0bpm.com/public/images/ | 1 KB | 2 KB | Image | image/png
GET | H3 | app3.png | banc0bpm.com/public/images/ | 2 KB | 2 KB | Image | image/png
GET | H3 | background.jpg | banc0bpm.com/public/images/ | 220 KB | 221 KB | Image | image/jpeg
GET | H3 | montserrat-light-webfont.woff2 | banc0bpm.com/public/styles/fonts/ | 18 KB | 18 KB | Font | font/woff2
GET | H3 | montserrat-medium-webfont.woff2 | banc0bpm.com/public/styles/fonts/ | 18 KB | 19 KB | Font | font/woff2
GET | H3 | montserrat-semibold-webfont.woff2 | banc0bpm.com/public/styles/fonts/ | 18 KB | 19 KB | Font | font/woff2
POST | H3 | api.php | banc0bpm.com/ | 151 B | 581 B | XHR | application/json
GET | H3 | favicon.ico | banc0bpm.com/public/images/ | 1 KB | 1 KB | Other | image/vnd.microsoft.icon
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Banco BPM S.p.A. (Banking)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function $
- function jQuery
- function Vue
- function callApi
- function PulseHeart
- function getSession
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
banc0bpm.com/ | | PHPSESSID | 4pv10vh00heggg8pt5qhd7563l
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
banc0bpm.com
172.67.159.23
01c7a56b5e7258a9fff736723de74385d21fa4d434cb0cc0707fe078d299ac1f
0558b43080269c9d75df311a33ebd65abc758201c2335b84d8fa8a82184be4da
10939eb8b3023ed0487b925e7318ba570b75046d4e0586d3da9d9238ee19c1d2
13e087f2c275c8392174523707cb16e38c6e4d7c3b1990317be161e59bd09359
1f840faea889a8f684deedb1691f9997f7dc883841d23a0e554c6754308c06e1
25c121f7614482fbd31ae2a13e5b70e1f627ee69219bee2804f5c17a418468c3
279651bb8acd679315d390adedc36d316686137675ebee51f1ee0b8d0a6305d2
2917d46b0ce7a64bfeb3664efb9c5b495128047f6fee73247ba8a77194f2a764
2a17a0c8509ac33ca4c2d4e448329a355d8a8587875a231136f08dfe92a23bc0
2e04fd03380f37826cd7910fd6572db153539af8df6af646a953d84879ecc3f0
2e94059026f9a10e067ca6cb8175a6feb7a3d9d1cf1000d4bc5e31e8d7c22673
3b775d6e0b0f5cff98aca4daaa7f27a7c3678f39d1f5186776bb14b63cc2f625
56396d4a5bd53b739f4a34401017152e926a7f2ef51e2a6b4b728dde01662544
5b2958e7689855fc4a0e8642b27ff08b9307ace940d9704772d762795047d9cb
6a838aba816080ab1253e8eff0666e790e140d5fc94bbdfc8123156d54af6116
7ed3c13ed8fc8e4e13558e3082a359f33fa2148d9f914bda9a561e8de9f8a3ea
80f04717f32ea0320c5e8618fbacedd1fee3a8775ad8292140a6113551d4b5b0
9d65c346220c19b44a1836c693733aa7d74f9400ae18f14c60cdbd2a61daa1a0
a8420002621731ad5b96f42ba7b609cf4ff295bbb02e8fc0645c506b11106fb7
b5cd6bacc70b8d89c604d517fdefc92765be32a4a394adceb083497fb65812b7
b99d6336c75b46a1de3cd95bbeb7262303787385b5176c3028476f035b567885
c762ff9af3fecbe70e4fba92f06bbd25e4359b2a7ef6d3958dab11d47be43309
cc8f234f2ae5221f5e33df49bef454ae03fbb80c9db4aaf8e53bd85fad4c575e
d644f56d0839826ee78df2b9c14378a9c15079a09e5d8096277c2e697360d988
f048f986415c8132286e80e921d377694a6896971174635bbfb6ffc65a140ef8
f522a21e89d62f036fe1adadd573043e3ffe8607a3bb70076af913f1780997cb