banitsmo-personas.web.app
151.101.1.195
Malicious Activity!
Public Scan
Effective URL: https://banitsmo-personas.web.app/
Submission Tags: 7169515
Submission: On June 11 via api from NL
Summary
TLS certificate: Issued by GTS CA 1D4 on May 19th 2021. Valid for: 3 months.
This is the only time banitsmo-personas.web.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banistmo (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 198.37.116.30 | 17216 (DC74-AS)
9 | 151.101.1.195 | 54113 (FASTLY)
1 | 2a00:1450:4001:802::200a | 15169 (GOOGLE)
2 | 2a00:1450:4001:829::2003 | 15169 (GOOGLE)
Totals: 13 | 5
ASN17216 (DC74-AS, US)
PTR: 116.37.198-30.dc74.net
Domain: banlnitsmo-online.somee.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | web.app | banitsmo-personas.web.app | 286 KB
2 | gstatic.com | fonts.gstatic.com | 37 KB
1 | googleapis.com | fonts.googleapis.com | 1 KB
1 | somee.com | banlnitsmo-online.somee.com | 634 B
Totals: 13 | 4
Requests | Domain | Requested by
---|---|---
9 | banitsmo-personas.web.app | banlnitsmo-online.somee.com, banitsmo-personas.web.app
2 | fonts.gstatic.com | fonts.googleapis.com
1 | fonts.googleapis.com | banitsmo-personas.web.app
1 | banlnitsmo-online.somee.com | (none)
Totals: 13 | 4
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
web.app | GTS CA 1D4 | 2021-05-19 - 2021-08-17 | 3 months | crt.sh
upload.video.google.com | GTS CA 1O1 | 2021-05-10 - 2021-08-02 | 3 months | crt.sh
*.gstatic.com | GTS CA 1C3 | 2021-05-17 - 2021-08-09 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://banitsmo-personas.web.app/
Frame ID: 511916AE9AD4E7466C9E1C4E061929E6
Requests: 14 HTTP requests in this frame
Detected technologies
- Windows Server (Operating Systems). Detected pattern: headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- IIS (Web Servers). Detected pattern: headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- Google Font API (Font Scripts). Detected pattern: html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://banlnitsmo-online.somee.com/ Page URL
- https://banitsmo-personas.web.app/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / | banlnitsmo-online.somee.com/ | 386 B | 634 B | Document | text/html
GET | H2 | / (Primary Request) | banitsmo-personas.web.app/ | 2 KB | 1 KB | Document | text/html
GET | H2 | css2 | fonts.googleapis.com/ | 23 KB | 1 KB | Stylesheet | text/css
GET | H2 | main.6afcaa24.chunk.css | banitsmo-personas.web.app/static/css/ | 8 KB | 2 KB | Stylesheet | text/css
GET | H2 | 2.a88d3746.chunk.js | banitsmo-personas.web.app/static/js/ | 1 MB | 232 KB | Script | text/javascript
GET | H2 | main.65aaa207.chunk.js | banitsmo-personas.web.app/static/js/ | 44 KB | 26 KB | Script | text/javascript
GET | H2 | logoBanistmo.2b515fbc.svg | banitsmo-personas.web.app/static/media/ | 11 KB | 5 KB | Image | image/svg+xml
GET | H2 | person.6ccda3e8.svg | banitsmo-personas.web.app/static/media/ | 2 KB | 966 B | Image | image/svg+xml
GET | H2 | placeholderimg.f998ff57.jfif | banitsmo-personas.web.app/static/media/ | 18 KB | 18 KB | Image | text/html
GET | DATA | truncated | / | 9 KB | 0 | Image | image/png
GET | H2 | phone-alt-solid.7df015ac.svg | banitsmo-personas.web.app/static/media/ | 502 B | 403 B | Image | image/svg+xml
GET | H2 | infoIcon.a271eefe.svg | banitsmo-personas.web.app/static/media/ | 888 B | 419 B | Image | image/svg+xml
GET | H2 | XRXW3I6Li01BKofAjsOUYevI.woff2 | fonts.gstatic.com/s/nunito/v16/ | 19 KB | 19 KB | Font | font/woff2
GET | H2 | XRXV3I6Li01BKofINeaB.woff2 | fonts.gstatic.com/s/nunito/v16/ | 19 KB | 19 KB | Font | font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Banistmo (Banking)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onbeforexrselect
- object: ontransitionrun
- object: ontransitionstart
- object: ontransitioncancel
- object: cookieStore
- function: showDirectoryPicker
- function: showOpenFilePicker
- function: showSaveFilePicker
- boolean: originAgentCluster
- object: trustedTypes
- boolean: crossOriginIsolated
- object: webpackJsonpbanistmo0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.