onlinebanking.bancogalicia.com.ar
161.190.1.97
Public Scan
Effective URL: https://onlinebanking.bancogalicia.com.ar/login
Submission Tags: #phishing @coolcarlos17
Submission: On September 23 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by DigiCert SHA2 Extended Validation Server CA on October 4th 2021. Valid for: a year. (This is the certificate of the effective URL's host, onlinebanking.bancogalicia.com.ar; the submitted host's certificate is listed under the TLS certificates below.)
This is the only time onlinebanking.bancogalicia.com.ar was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 7 (3 redirects) | 192.254.149.187 | AS46606 (UNIFIEDLAYER-AS-1) |
| 17 | 161.190.1.97 | AS13474 (Banco de Galicia y Buenos Aires) |
| 3 | 2a02:26f0:10e:2ae::1e80 | |
| 1 | 2600:9000:236e:c600:10:fcf8:9540:93a1 | |
| 1 | 2a00:1450:4001:831::2008 | |
| 30 requests | 6 IPs | |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-254-149-187.unifiedlayer.com
Hosts: irs.primeramfbank.com

ASN13474 (Banco de Galicia y Buenos Aires, AR)
PTR: inversiones.bancogalicia.com.ar
Hosts: onlinebanking.bancogalicia.com.ar
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 17 | bancogalicia.com.ar | onlinebanking.bancogalicia.com.ar (Cisco Umbrella Rank: 446579), sifo.bancogalicia.com.ar (failed) | 627 KB |
| 7 (3 redirects) | primeramfbank.com | irs.primeramfbank.com | 77 KB |
| 3 | adobedtm.com | assets.adobedtm.com | 88 KB |
| 1 | googletagmanager.com | www.googletagmanager.com | |
| 1 | we-stats.com | bcdn-god.we-stats.com | |
| 0 (failed) | prismasystems.com.ar | logo.prismasystems.com.ar (failed) | |
| 0 (failed) | demdex.net | dpm.demdex.net (failed) | |
| 0 (failed) | easysol.net | detectca.easysol.net (failed) | |
| 30 requests | 8 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 17 | onlinebanking.bancogalicia.com.ar | onlinebanking.bancogalicia.com.ar |
| 7 (3 redirects) | irs.primeramfbank.com | irs.primeramfbank.com |
| 3 | assets.adobedtm.com | onlinebanking.bancogalicia.com.ar, assets.adobedtm.com |
| 1 | www.googletagmanager.com | onlinebanking.bancogalicia.com.ar |
| 1 | bcdn-god.we-stats.com | onlinebanking.bancogalicia.com.ar |
| 0 | logo.prismasystems.com.ar (failed) | onlinebanking.bancogalicia.com.ar |
| 0 | dpm.demdex.net (failed) | assets.adobedtm.com |
| 0 | sifo.bancogalicia.com.ar (failed) | onlinebanking.bancogalicia.com.ar |
| 0 | detectca.easysol.net (failed) | onlinebanking.bancogalicia.com.ar |
| 30 requests | 9 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid for | |
|---|---|---|---|---|
| *.irs.primeramfbank.com | R3 | 2022-08-04 - 2022-11-02 | 3 months | crt.sh |
| onlinebanking.bancogalicia.com.ar | DigiCert SHA2 Extended Validation Server CA | 2021-10-04 - 2022-10-04 | a year | crt.sh |
| assets.adobedtm.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-19 - 2023-08-19 | a year | crt.sh |
| *.we-stats.com | GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1 | 2021-09-02 - 2022-09-29 | a year | crt.sh |
| *.google-analytics.com | GTS CA 1C3 | 2022-09-05 - 2022-11-28 | 3 months | crt.sh |

Note the contrast between the two hosts in the navigation: the submitted host carries a 90-day certificate from R3 (the Let's Encrypt intermediate) issued on 2022-08-04, about seven weeks before this scan, while the bank's own host carries a one-year DigiCert EV certificate. A valid certificate on the submitted host says nothing about its legitimacy; the issuance date and the mismatch with the brand being imitated are the useful signals.
This page contains 2 frames:
Primary Page:
https://onlinebanking.bancogalicia.com.ar/login
Frame ID: B05C77CF9051F97DCBEAA48E452EB74C
Requests: 29 HTTP requests in this frame
Frame:
https://logo.prismasystems.com.ar/galicia/logogalicia.html
Frame ID: C27683949345C9A6AD71E98D96B44396
Requests: 1 HTTP requests in this frame
Page Title: Online Banking
Detected technologies
- Font Awesome (Font Scripts). Detected pattern: `(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
- Google Tag Manager (Tag Managers). Detected pattern: `googletagmanager\.com/gtm\.js`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://irs.primeramfbank.com/ingresoseguro/login4.php Page URL
- https://onlinebanking.bancogalicia.com.ar/login Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://irs.primeramfbank.com/ingresoseguro/calabasas/js/jquery-3.5.1.min.js HTTP 302
- https://irs.primeramfbank.com/login/
Request Chain 2
- https://irs.primeramfbank.com/ingresoseguro/calabasas/js/jquery.cookie.js HTTP 302
- https://irs.primeramfbank.com/login/
Request Chain 3
- https://irs.primeramfbank.com/ingresoseguro/style.css HTTP 302
- https://irs.primeramfbank.com/login/
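All three chains above end at /login/ on the submitted host, and the HTTP transactions list records that response as text/html even though the page requested them as two scripts and a stylesheet; together with the navigation from irs.primeramfbank.com to the bank's own login page, that is what a triage pass over a scan like this should surface. The following Python is an added example, not urlscan.io's code or anything from this page: it re-models these entries as constructed records (the URLs are taken from this scan; the Transaction shape, the `triage` function and the simplified public-suffix handling are assumptions of the example) and flags both patterns.

```python
"""Triage a urlscan-style result for two patterns seen in this scan:
 1. the navigation ends on a different registrable domain than it started on;
 2. asset requests (Script/Stylesheet) are 302'd into an HTML document.
Added example; the data shapes below are assumptions, not urlscan's API."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Simplified public-suffix handling: only the multi-label suffix this scan
# needs. Real triage should use the Public Suffix List (e.g. tldextract).
MULTI_LABEL_SUFFIXES = {"com.ar"}

# MIME types a browser expects for each resource type (prefix match).
EXPECTED_MIME = {
    "Script": ("application/javascript", "application/x-javascript", "text/javascript"),
    "Stylesheet": ("text/css",),
}


def registrable_domain(host: str) -> str:
    """eTLD+1 of a hostname: irs.primeramfbank.com -> primeramfbank.com,
    onlinebanking.bancogalicia.com.ar -> bancogalicia.com.ar."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


@dataclass
class Transaction:
    url: str                 # URL the page asked for
    resource_type: str       # Document, Script, Stylesheet, Image, ...
    final_url: str           # where the redirect chain ended (== url if none)
    mime: str                # MIME of the final response; "" if no response
    redirect_codes: tuple = ()  # HTTP status codes seen along the chain


def cross_domain_hop(page_url_history):
    """(start_domain, end_domain) if the navigation crossed registrable
    domains, else None."""
    first = registrable_domain(urlsplit(page_url_history[0]).hostname)
    last = registrable_domain(urlsplit(page_url_history[-1]).hostname)
    return (first, last) if first != last else None


def assets_redirected_to_html(transactions):
    """Redirected script/stylesheet requests whose final MIME is not what
    the resource type expects, e.g. a JS file answered with text/html."""
    findings = []
    for t in transactions:
        expected = EXPECTED_MIME.get(t.resource_type)
        if not expected or not t.redirect_codes or not t.mime:
            continue
        if not t.mime.startswith(expected):
            findings.append((t.url, t.final_url, t.mime))
    return findings


def triage(page_url_history, transactions):
    report = {}
    hop = cross_domain_hop(page_url_history)
    if hop:
        report["cross_domain_hop"] = hop
    mismatched = assets_redirected_to_html(transactions)
    if mismatched:
        report["assets_redirected_to_html"] = mismatched
    return report


# Constructed sample modelled on this scan's Page URL History and transactions.
PAGE_URL_HISTORY = [
    "https://irs.primeramfbank.com/ingresoseguro/login4.php",
    "https://onlinebanking.bancogalicia.com.ar/login",
]
KIT = "https://irs.primeramfbank.com/ingresoseguro/"
LOGIN = "https://irs.primeramfbank.com/login/"
BANK = "https://onlinebanking.bancogalicia.com.ar/"
SAMPLE_TRANSACTIONS = [
    Transaction(PAGE_URL_HISTORY[0], "Document", PAGE_URL_HISTORY[0], "text/html"),
    Transaction(KIT + "calabasas/js/jquery-3.5.1.min.js", "Script", LOGIN, "text/html", (302,)),
    Transaction(KIT + "calabasas/js/jquery.cookie.js", "Script", LOGIN, "text/html", (302,)),
    Transaction(KIT + "style.css", "Stylesheet", LOGIN, "text/html", (302,)),
    Transaction(BANK + "login", "Document", BANK + "login", "text/html"),
    Transaction(BANK + "Content/bootstrap.min.css", "Stylesheet", BANK + "Content/bootstrap.min.css", "text/css"),
    Transaction(BANK + "bundles/sharedout", "Script", BANK + "bundles/sharedout", "text/javascript"),
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(PAGE_URL_HISTORY, SAMPLE_TRANSACTIONS), indent=2))
```

Run as a script it prints the hop from primeramfbank.com to bancogalicia.com.ar and the three asset requests that were redirected into /login/ and answered as text/html. A kit whose assets are gone but whose front page still redirects visitors to the real brand site is a common state for a phishing host that has been partly cleaned up or that serves the real page to scanners, so both findings are worth keeping even when the effective URL looks benign.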
30 HTTP transactions

| # | Method | Protocol | Resource | Host / path | Size | Transfer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | login4.php | irs.primeramfbank.com/ingresoseguro/ | 969 B | 780 B | Document | text/html |
| 2 | GET | H/1.1 | / (redirect chain) | irs.primeramfbank.com/login/ | 113 KB | 25 KB | Script | text/html |
| 3 | GET | H/1.1 | / (redirect chain) | irs.primeramfbank.com/login/ | 113 KB | 25 KB | Script | text/html |
| 4 | GET | H/1.1 | / (redirect chain) | irs.primeramfbank.com/login/ | 113 KB | 25 KB | Stylesheet | text/html |
| 5 | GET | H/1.1 | login (primary request) | onlinebanking.bancogalicia.com.ar/ | 64 KB | 66 KB | Document | text/html |
| 6 | GET | H/1.1 | bootstrap.min.css | onlinebanking.bancogalicia.com.ar/Content/ | 121 KB | 20 KB | Stylesheet | text/css |
| 7 | GET | H/1.1 | default.min.css | onlinebanking.bancogalicia.com.ar/Content/ | 1 MB | 136 KB | Stylesheet | text/css |
| 8 | GET | H/1.1 | keyboard.css | onlinebanking.bancogalicia.com.ar/Content/Keyboard/ | 492 B | 857 B | Stylesheet | text/css |
| 9 | GET | H/1.1 | simple-keyboard.css | onlinebanking.bancogalicia.com.ar/Content/Keyboard/ | 3 KB | 1 KB | Stylesheet | text/css |
| 10 | GET | H/1.1 | sharedout | onlinebanking.bancogalicia.com.ar/bundles/ | 378 KB | 378 KB | Script | text/javascript |
| 11 | GET | H/1.1 | FrontFunctions.min.js | onlinebanking.bancogalicia.com.ar/Scripts/ | 28 KB | 8 KB | Script | application/javascript |
| 12 | GET | H/1.1 | customcarousel.min.css | onlinebanking.bancogalicia.com.ar/Content/ | 2 KB | 2 KB | Stylesheet | text/css |
| 13 | GET | H/1.1 | seguloginborders | onlinebanking.bancogalicia.com.ar/bundles/ | 651 B | 1 KB | Script | text/javascript |
| 14 | GET | H/1.1 | seguloginclientless | onlinebanking.bancogalicia.com.ar/bundles/ | 436 B | 1 KB | Script | text/javascript |
| 15 | GET | H2 | launch-121f57795303.min.js | assets.adobedtm.com/87fc8b53a8b1/118d2b304f55/ | 270 KB | 87 KB | Script | application/x-javascript |
| 16 | GET | H/1.1 | simple-keyboard.min.js | onlinebanking.bancogalicia.com.ar/Scripts/Keyboard/ | 20 KB | 6 KB | Script | application/javascript |
| 17 | GET | H/1.1 | polyfill.js | onlinebanking.bancogalicia.com.ar/Scripts/Keyboard/ | 2 KB | 2 KB | Script | application/javascript |
| 18 | GET | H/1.1 | keyboard.js | onlinebanking.bancogalicia.com.ar/Scripts/Keyboard/ | 6 KB | 2 KB | Script | application/javascript |
| 19 | GET | H2 | ad1a29c5.js | bcdn-god.we-stats.com/scripts/ad1a29c5/ | 465 KB | 0 | Script | application/javascript |
| 20 | GET | | detect.js | detectca.easysol.net/detectca/scripts/QjL8pgjJN3mpOxVuG7JxpI2OYsRMit/ | 0 | 0 | (no response) | |
| 21 | GET | | login.js | sifo.bancogalicia.com.ar/requestserver/script/v1/5jhre/ | 0 | 0 | (no response) | |
| 22 | GET | H2 | gtm.js | www.googletagmanager.com/ | 189 KB | 0 | Script | application/javascript |
| 23 | GET | H/1.1 | logo.svg | onlinebanking.bancogalicia.com.ar/images/default/ | 5 KB | 2 KB | Image | image/svg+xml |
| 24 | GET | H/1.1 | Inter-Regular.woff2 | onlinebanking.bancogalicia.com.ar/Content/fonts/ | 16 KB | 0 | Font | application/font-woff2 |
| 25 | GET | H/1.1 | fontawesome-webfont.woff2 | onlinebanking.bancogalicia.com.ar/Content/fonts/ | 16 KB | 0 | Font | application/font-woff2 |
| 26 | GET | | id | dpm.demdex.net/ | 0 | 0 | (no response) | |
| 27 | GET | | logogalicia.html (frame C276) | logo.prismasystems.com.ar/galicia/ | 0 | 0 | (no response) | |
| 28 | GET | H2 | RC5c586ba0929940a696dc126ec70eb6e6-source.min.js | assets.adobedtm.com/87fc8b53a8b1/118d2b304f55/2de6673382cb/ | 1011 B | 821 B | Script | application/x-javascript |
| 29 | GET | H/1.1 | 101-African-Woman-Sofia-Freixas.png | onlinebanking.bancogalicia.com.ar/images/art/ | 16 KB | 0 | Image | image/png |
| 30 | GET | H2 | RC64eede6a39314b6e957236a16f5fbd4a-source.min.js | assets.adobedtm.com/87fc8b53a8b1/118d2b304f55/2de6673382cb/ | 661 B | 669 B | Script | application/x-javascript |
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- detectca.easysol.net: https://detectca.easysol.net/detectca/scripts/QjL8pgjJN3mpOxVuG7JxpI2OYsRMit/detect.js
- sifo.bancogalicia.com.ar: https://sifo.bancogalicia.com.ar/requestserver/script/v1/5jhre/login.js?clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61
- dpm.demdex.net: https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=DF3360B65E15FFB70A495C4A%40AdobeOrg&d_nsid=0&ts=1663945593249
- logo.prismasystems.com.ar: https://logo.prismasystems.com.ar/galicia/logogalicia.html
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
- object: onbeforeinput
- object: oncontextlost
- object: oncontextrestored
- function: structuredClone
- object: launchQueue
- object: onbeforematch
- function: getScreenDetails
- function: queryLocalFonts
- object: navigation

All nine are names the scanning browser itself exposes on window (structuredClone, launchQueue, navigation, getScreenDetails and queryLocalFonts are recent Chromium additions that the scanner's baseline does not yet know), not variables defined by this page, so they do not point at any framework in the page's own code.

11 Cookies
Cookies are small pieces of data stored in the user's browser. On each later visit the browser sends the stored cookie values back, which lets the site re-identify the user even from a different location; this is how persistent logins work.
| Domain / Path | Name | Value |
|---|---|---|
| irs.primeramfbank.com/ | wcUserSettings | %7B%7D |
| irs.primeramfbank.com/ | PHPSESSID | c141972664b017ace732f8d76235036d |
| onlinebanking.bancogalicia.com.ar/ | ASP.NET_SessionId | nkyfdgjns3ataab3aa1s502x |
| onlinebanking.bancogalicia.com.ar/ | ADRUM_BTa | R:30\|g:1797a4fd-7ca2-414a-bed8-322730766344\|n:customer1_ab160084-0402-4ee6-8708-8af776cf193a |
| onlinebanking.bancogalicia.com.ar/ | SameSite | None |
| onlinebanking.bancogalicia.com.ar/ | ADRUM_BT1 | R:30\|i:182572\|e:5 |
| .bancogalicia.com.ar/ | Luke | a94bd446-875a-4909-875f-468b8de26978 |
| .bancogalicia.com.ar/ | R2D2 | https://bcdn-god.we-stats.com/scripts/ad1a29c5/ad1a29c5.js |
| onlinebanking.bancogalicia.com.ar/ | __RequestVerificationToken | KF9N6Y4wf8tbNVqbFyyluSbEqBm0UOMcFe49ECVaytH3yqMnzwPCh2ZUOtYVtOhDSPpqlQv3CChczKldOc6UCWahi1wp00VKNsS8KIIgDwo1 |
| onlinebanking.bancogalicia.com.ar/ | TS010dd3b2 | 01f07bd103499611084d6fa438c188e12e9dc2e35a524333c092ea18ac32c3ce52323a6cc82b1cef169b7c04569397e5023c8ce2da |
| .bancogalicia.com.ar/ | TS017bfb32 | 01f07bd103499611084d6fa438c188e12e9dc2e35a524333c092ea18ac32c3ce52323a6cc82b1cef169b7c04569397e5023c8ce2da |

No Expires value was recorded for any of them, so all eleven are session cookies. Names worth recognising when reading a scan like this: PHPSESSID is the PHP session cookie of the submitted host; ASP.NET_SessionId and __RequestVerificationToken are the ASP.NET session and anti-forgery (CSRF) token cookies of the bank's site; ADRUM_* cookies come from AppDynamics browser monitoring; TS01... cookies are characteristic of an F5 BIG-IP in front of the site. The row named SameSite with value None is a cookie literally called SameSite, not a SameSite attribute on another cookie; the scan does not record cookie attributes.
Security Headers
This table lists the security headers set by the main page.

| Header | Value |
|---|---|
| Content-Security-Policy | upgrade-insecure-requests |

The only CSP directive present is upgrade-insecure-requests, which rewrites http: subresource URLs to https: and does not restrict where scripts may be loaded from; no Strict-Transport-Security, X-Frame-Options or frame-ancestors value is recorded for the main page.
Indicators
"Indicator" is the security-industry term for observables such as IPs, domains and hashes. Listing them here does not imply that any of them indicate malicious activity.

Domains:
- assets.adobedtm.com
- bcdn-god.we-stats.com
- detectca.easysol.net (failed)
- dpm.demdex.net (failed)
- irs.primeramfbank.com
- logo.prismasystems.com.ar (failed)
- onlinebanking.bancogalicia.com.ar
- sifo.bancogalicia.com.ar (failed)
- www.googletagmanager.com

IPs:
- 161.190.1.97
- 192.254.149.187
- 2600:9000:236e:c600:10:fcf8:9540:93a1
- 2a00:1450:4001:831::2008
- 2a02:26f0:10e:2ae::1e80