![](/screenshots/f09be779-186c-46cf-a0f3-221127eb07a1.png)
www.fintrobnpeasy-security-upd2.net
Open in
urlscan Pro
13.69.228.0
Malicious Activity!
Public Scan
Submission: On March 12 via api from BE
Summary
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 11th 2021. Valid for: 6 months.
This is the only time www.fintrobnpeasy-security-upd2.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
14 | 13.69.228.0 13.69.228.0 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
3 | 2a00:1450:400... 2a00:1450:4001:811::2003 | 15169 (GOOGLE) (GOOGLE) | |
17 | 2 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.fintrobnpeasy-security-upd2.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
fintrobnpeasy-security-upd2.net
www.fintrobnpeasy-security-upd2.net |
200 KB |
3 |
gstatic.com
www.gstatic.com |
110 KB |
17 | 2 |
Domain | Requested by | |
---|---|---|
14 | www.fintrobnpeasy-security-upd2.net |
www.fintrobnpeasy-security-upd2.net
|
3 | www.gstatic.com |
www.fintrobnpeasy-security-upd2.net
|
17 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.fintrobnpeasy-security-upd2.net GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1 |
2021-03-11 - 2021-09-10 |
6 months | crt.sh |
*.gstatic.com GTS CA 1O1 |
2021-02-23 - 2021-05-18 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.fintrobnpeasy-security-upd2.net/Fintro/enregistrement2.php
Frame ID: 3110B1B9424FD10F74EAF408DFB21378
Requests: 17 HTTP requests in this frame
Screenshot
![](/screenshots/f09be779-186c-46cf-a0f3-221127eb07a1.png)
Detected technologies
Detected patterns
- url /\.php(?:$|\?)/i
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
enregistrement2.php
www.fintrobnpeasy-security-upd2.net/Fintro/ |
15 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
back.png
www.fintrobnpeasy-security-upd2.net/Fintro/img/ |
262 B 475 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo2.png
www.fintrobnpeasy-security-upd2.net/Fintro/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mlogo.png
www.fintrobnpeasy-security-upd2.net/Fintro/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow.png
www.fintrobnpeasy-security-upd2.net/Fintro/img/ |
178 B 390 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
help.png
www.fintrobnpeasy-security-upd2.net/Fintro/img/ |
547 B 760 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
www.fintrobnpeasy-security-upd2.net/Fintro/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jstraverser-fort.js
www.fintrobnpeasy-security-upd2.net/Fintro/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
firebase-app.js
www.gstatic.com/firebasejs/7.14.2/ |
19 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
firebase-auth.js
www.gstatic.com/firebasejs/7.14.1/ |
169 KB 54 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
firebase-database.js
www.gstatic.com/firebasejs/7.14.1/ |
182 KB 49 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
topbg.png
www.fintrobnpeasy-security-upd2.net/Fintro/img/ |
108 B 320 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
check.png
www.fintrobnpeasy-security-upd2.net/Fintro/img/ |
351 B 564 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
regular-webfont.ttf
www.fintrobnpeasy-security-upd2.net/Fintro/font/ |
55 KB 55 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
light-webfont.ttf
www.fintrobnpeasy-security-upd2.net/Fintro/font/ |
56 KB 56 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bold-webfont.ttf
www.fintrobnpeasy-security-upd2.net/Fintro/font/ |
46 KB 46 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jstraverser-fort.js
www.fintrobnpeasy-security-upd2.net/Fintro/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNP Paribas (Banking)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| firebase object| firebaseConfig undefined| id function| call_ip_and_proceed function| connect function| errorlogin function| logged function| code2 function| focuss0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.fintrobnpeasy-security-upd2.net
www.gstatic.com
13.69.228.0
2a00:1450:4001:811::2003
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
10c66d735b23cfefe9c5b52ec225f08dcadb8d10f8af7eb655d45867a2176b0a
17a9a00cca36f2f23010e8c69e856b349c12f60aaa43755d626ea9ac1066ae6b
3364646ad4857190bc3b57635a0de6a76296ce435dd7dda885559fc19017be9f
343cedf61ecd209360a39c99f8b6b456d3f82b721652a1d1c7f7a8f3a78ebe67
3c17f967939dfdcb9212557e7de62d783a3d83864843816e44e7b32a89ab3b49
43eaedd3523a071f0de1d520ed7b18d5eee105d9b03578fbcec8c597b6376b23
5541f81ec8b8649f7048f9f4a1ef2afde00dafb59025e7dd5b1ed222a6db6069
60a1ce266a5ccb14551a31408b149f1c5dbb156a445985c563513ee5b7269457
70579aeb202941fd639442359fcc813bfd6cd159fd03026167b5d288e2907362
960a5a1a9290ec81e6ede37b789fc9b2e68d1440ce687b0f5827e9be3a362bc2
a56f74eaf471b8d0869d8d9556e4925e89767e210c4f0cf273ee012213086ec2
b11c23f3f56536396be0c83b52ef01c57cc01e6afa6bba68121a850a27d8aee2
c97f125996575c4f9ca8b4a32f907e6b3fba10cb28df0c6006b40a458f7e948b
f7b7d36f6ffd3bed91ce16fcdd72909fa0d5b54c425d38805121cccfbddcbf19