www.bancprovnciabancinternet.org Open in urlscan Pro
2606:4700:3030::6815:1db7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bancprovnciabancinternet.org/
Submission: On December 28 via api (December 28th 2023, 5:47:17 pm UTC) — Scanned from JP

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3030::6815:1db7, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bancprovnciabancinternet.org.
TLS certificate: Issued by E1 on December 28th 2023. Valid for: 3 months.

This is the only time www.bancprovnciabancinternet.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco de la Provincia de Buenos Aires (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	2606:4700:303... 2606:4700:3030::6815:1db7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
2	181.191.186.30 181.191.186.30	265806 (BANCO DE ...) (BANCO DE LA PROVINCIA DE BUENOS AIRES)
1 2	45.233.68.25 45.233.68.25	22798 (RED LINK ...) (RED LINK S.A.)
3	2600:1f18:18e... 2600:1f18:18ef:ed10:f4f1:712c:2d4e:5ce7	14618 (AMAZON-AES) (AMAZON-AES)
14	5

7 2606:4700:3030::6815:1db7 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bancprovnciabancinternet.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 181.191.186.30 (Buenos Aires, Argentina)

ASN265806 (BANCO DE LA PROVINCIA DE BUENOS AIRES, AR)
PTR: pki.bancoprovincia.com.ar

www.bancoprovincia.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.233.68.25 (Argentina) 1 redirects

ASN22798 (RED LINK S.A., AR)

analytics.redlink.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f18:18ef:ed10:f4f1:712c:2d4e:5ce7 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

imagenes.bancainternet.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	bancprovnciabancinternet.org www.bancprovnciabancinternet.org	2 MB
3	bancainternet.com.ar imagenes.bancainternet.com.ar	119 KB
2	redlink.com.ar 1 redirects analytics.redlink.com.ar	770 B
2	bancoprovincia.com.ar www.bancoprovincia.com.ar — Cisco Umbrella Rank: 794216	10 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 735	82 KB
14	5

	Domain	Requested by
7	www.bancprovnciabancinternet.org	www.bancprovnciabancinternet.org
3	imagenes.bancainternet.com.ar	www.bancprovnciabancinternet.org imagenes.bancainternet.com.ar
2	analytics.redlink.com.ar	1 redirects www.bancprovnciabancinternet.org
2	www.bancoprovincia.com.ar	www.bancprovnciabancinternet.org
1	code.jquery.com	www.bancprovnciabancinternet.org
14	5

This site contains no links.

Subject Issuer	Validity	Valid
bancprovnciabancinternet.org E1	`2023-12-28` - `2024-03-27`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
www.bancoprovincia.com.ar DigiCert SHA2 Extended Validation Server CA	`2023-01-04` - `2024-02-01`	a year	crt.sh
imagenes.bancainternet.com.ar Sectigo RSA Organization Validation Secure Server CA	`2023-08-30` - `2024-08-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.bancprovnciabancinternet.org/
Frame ID: 1E954014AC06994CEE05B4551F41E367
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Página del Banco de la Provincia de Buenos Aires

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

93 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

1979 kB
Transfer

6661 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://analytics.redlink.com.ar/hblogin/p1.htm?url=https://www.bancprovnciabancinternet.org/ HTTP 302
https://analytics.redlink.com.ar/

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.bancprovnciabancinternet.org/ 10 KB
3 KB 2230ms
2008ms Document
text/html 2606:4700:3030::6815:1db7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bancprovnciabancinternet.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:1db7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.25
Resource Hash: fa9b7c89ed5da54dea18f8d0365b084be007b1628755efc79fe03b639d0b1779

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 83cba0577d0bdff9-NRT
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 28 Dec 2023 17:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2FDwWUlHZqc09nih0PyxLYXxB2Q9bFTXlb%2B%2BZIM5KmAz0M62gI3kJZjr77nNVNmNNADxxhuc2b9a4UI7tUYsrOYnH7JuvMS%2B1uSvNKe6D3%2B9GgbqMYgg74XYxgv9zEoVKV4YY7%2BPdMdu0DhGVM9YjVJ98HRc9dC2aUikRgfLHg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.25

GET
H2 200 jquery-3.7.1.js Show response
code.jquery.com/ 279 KB
82 KB 20ms
2ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.js
Requested by: Host: www.bancprovnciabancinternet.org
URL: https://www.bancprovnciabancinternet.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 78a85aca2f0b110c29e0d2b137e09f0a1fb7a8e554b499f740d6744dc8962cfe

Request headers

Referer: https://www.bancprovnciabancinternet.org/
Origin: https://www.bancprovnciabancinternet.org
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Thu, 28 Dec 2023 17:47:06 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 5037875
x-cache: HIT, HIT
content-length: 83619
x-served-by: cache-lga21929-LGA, cache-nrt-rjtf7700029-NRT
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1703785626.277764,VS0,VE0
etag: W/"28feccc0-45a82"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 2166, 15391

GET
H2 200 helper.js Show response
www.bancprovnciabancinternet.org/assets/ 816 B
780 B 604ms
596ms Script
application/javascript 2606:4700:3030::6815:1db7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bancprovnciabancinternet.org/assets/helper.js
Requested by: Host: www.bancprovnciabancinternet.org
URL: https://www.bancprovnciabancinternet.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:1db7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa21a24a3dd314c7c10965b72b14e6a9a18aec824677023d2e9d524f9ff1fba7

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bancprovnciabancinternet.org/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Thu, 28 Dec 2023 17:47:06 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 28 Dec 2023 16:20:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"330-60d944a34e442-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5gEBRhT24EX%2BEEEMN9Pf%2B3NF6hCtKnphdvpGv8lLEgz0gzO4Y%2B45gUABLdGCHKzJEeGg5Y1CwSh5ioMyOrwxkNXov8h%2FpGTt9vsJ7lavJQieAT6YRY04GJmXm1cBN7%2B9zT%2F0VZHpRuzCBKRLuLyF%2BHtbJBryny4NuKyiSx5avg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 83cba0642853dff9-NRT
alt-svc: h3=":443"; ma=86400

GET
H2 200 translatorProd.js Show response
www.bancprovnciabancinternet.org/assets/ 587 B
691 B 600ms
594ms Script
application/javascript 2606:4700:3030::6815:1db7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bancprovnciabancinternet.org/assets/translatorProd.js
Requested by: Host: www.bancprovnciabancinternet.org
URL: https://www.bancprovnciabancinternet.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:1db7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb65b4c8572a5ac8e7c47e2477cb7ade42e54cd591aee4514ab5b6db169a1b43

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bancprovnciabancinternet.org/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Thu, 28 Dec 2023 17:47:06 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 28 Dec 2023 16:20:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"24b-60d944a9beab9-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0AjWhIy3BzvyOMtvORMhTXkJcMa%2FpFfnMCkkXAzfs3aWRhOLClRBtIhI81%2BSAZpWiEGbHQT%2B0zPZXOEdsnb9sg8hGP1GkIyC16AmK3xYp4GUFZ9BGTYBp45%2BTVHfZBXToGx12SNqiizMXcQGV0ru2wiajohnk%2BK4sA6UgrHl7w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 83cba0642854dff9-NRT
alt-svc: h3=":443"; ma=86400

GET
H2 200 index-992f5422.js Show response
www.bancprovnciabancinternet.org/assets/ 5 MB
1 MB 1781ms
1775ms Script
application/javascript 2606:4700:3030::6815:1db7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bancprovnciabancinternet.org/assets/index-992f5422.js
Requested by: Host: www.bancprovnciabancinternet.org
URL: https://www.bancprovnciabancinternet.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:1db7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70dd903525e05a9bc0cf115fcda8a25ebe5c4fce2969ec98837c4ced56942a6

Request headers

Referer: https://www.bancprovnciabancinternet.org/
Origin: https://www.bancprovnciabancinternet.org
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Thu, 28 Dec 2023 17:47:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 28 Dec 2023 16:20:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"563909-60d944a9821fe-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Wj3Q4SicyxY79xRSMLGZMiZmDUqDSxooCUj14LPksHVrR%2BWIU2fl9MQP1gXZ9BhB9xFp1HEgAnfrVQj6NWesOOSRBw4ItFyhrKkuYAR40eV0FAiOnt8bO7Ce8t7k%2Be65f4nYXxI5TG1TgonkDTc0KJ2YdAiuaicBMStR2JnyA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 83cba0642856dff9-NRT
alt-svc: h3=":443"; ma=86400

GET
H2 200 index-d094905c.css
www.bancprovnciabancinternet.org/assets/ 384 KB
49 KB 1213ms
1209ms Stylesheet
text/css 2606:4700:3030::6815:1db7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bancprovnciabancinternet.org/assets/index-d094905c.css
Requested by: Host: www.bancprovnciabancinternet.org
URL: https://www.bancprovnciabancinternet.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:1db7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29f0357e7bb59f7efefb9bd0376c93e7f99e36cbf538e3888039d63e7738812a

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bancprovnciabancinternet.org/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Thu, 28 Dec 2023 17:47:07 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 28 Dec 2023 16:20:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"60129-60d944a7c9372-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=At4HVd6kiTaFHJvDcq67x5v2e84ux4h9DD1xL%2FrOnC9YdVpgVBn%2BQ97HtJW8RnZUPkZ%2BADWBPxwTfwxLioybdXaGo9WUdQQYkWdEs0ImS0F2IX%2F1PUupYdHdf3dl9JZc7fm4lHzFKQfDToA0KWb38wLurh58lCX8RKg0OfbgFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 83cba0642851dff9-NRT
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK logo_2021_S
www.bancoprovincia.com.ar/CDN/Get/ 3 KB
4 KB 4287ms
622ms Image
image/svg+xml 181.191.186.30
BANCO DE LA PROVI...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bancoprovincia.com.ar/CDN/Get/logo_2021_S
Requested by: Host: www.bancprovnciabancinternet.org
URL: https://www.bancprovnciabancinternet.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 181.191.186.30 Buenos Aires, Argentina, ASN265806 (BANCO DE LA PROVINCIA DE BUENOS AIRES, AR),
Reverse DNS: pki.bancoprovincia.com.ar
Software: nginx / ASP.NET
Resource Hash: 92ab91c157fd0fd33246869e8d877dc5c14d53dbfc25917a5b1b707c3afb97d3

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bancprovnciabancinternet.org/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 28 Dec 2023 17:47:10 GMT
X-AspNetMvc-Version: 3.0
Last-Modified: Thu, 28 Dec 2023 17:39:22 GMT
Server: nginx
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=432,public
Connection: keep-alive
Content-Length: 3372
Expires: Thu, 28 Dec 2023 17:54:22 GMT

GET
H/1.1 200
OK logo_mobile_bip
www.bancoprovincia.com.ar/CDN/Get/ 6 KB
6 KB 4232ms
600ms Image
image/svg+xml 181.191.186.30
BANCO DE LA PROVI...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bancoprovincia.com.ar/CDN/Get/logo_mobile_bip
Requested by: Host: www.bancprovnciabancinternet.org
URL: https://www.bancprovnciabancinternet.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 181.191.186.30 Buenos Aires, Argentina, ASN265806 (BANCO DE LA PROVINCIA DE BUENOS AIRES, AR),
Reverse DNS: pki.bancoprovincia.com.ar
Software: nginx / ASP.NET
Resource Hash: bd7f1be0f6563bb760345728beb5523d71117903c2693faf17a09e5a8929b418

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bancprovnciabancinternet.org/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 28 Dec 2023 17:47:10 GMT
X-AspNetMvc-Version: 3.0
Last-Modified: Thu, 28 Dec 2023 17:34:48 GMT
Server: nginx
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=158,public
Connection: keep-alive
Content-Length: 6158
Expires: Thu, 28 Dec 2023 17:49:48 GMT

GET
H/1.1

200
OK

/ Show response
analytics.redlink.com.ar/
Redirect Chain

https://analytics.redlink.com.ar/hblogin/p1.htm?url=https://www.bancprovnciabancinternet.org/
https://analytics.redlink.com.ar/

246 B
521 B

282ms
281ms

XHR
text/html

45.233.68.25
RED LINK S.A.

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.redlink.com.ar/
Requested by: Host: www.bancprovnciabancinternet.org
URL: https://www.bancprovnciabancinternet.org/
Protocol: HTTP/1.1
Server: 45.233.68.25 , Argentina, ASN22798 (RED LINK S.A., AR),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 774185757f47228d9b59ce512424a72614e1ffb88e4bc0a9a38141a318021cf1

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bancprovnciabancinternet.org/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 28 Dec 2023 17:47:09 GMT
Last-Modified: Fri, 09 Oct 2015 19:27:42 GMT
Server: Microsoft-IIS/8.5
ETag: "0b291c82d11:0"
X-Powered-By: ASP.NET
Content-Type: text/html
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Length: 246

Redirect headers

Location: https://analytics.redlink.com.ar
Access-Control-Allow-Origin: *
Date: Thu, 28 Dec 2023 17:47:09 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Content-Length: 155
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200 login.js Show response
imagenes.bancainternet.com.ar/scriptdealer/script/v1/ho8y2i/ 117 KB
118 KB 3766ms
236ms Script
application/javascript 2600:1f18:18ef:ed10:f4f1:712c:2d4e:5ce7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://imagenes.bancainternet.com.ar/scriptdealer/script/v1/ho8y2i/login.js?clientId=5d39d9a0-e642-40ae-903f-cdb41f27a57f&websiteId=1856

Requested by

Host: www.bancprovnciabancinternet.org
URL: https://www.bancprovnciabancinternet.org/assets/translatorProd.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:18ef:ed10:f4f1:712c:2d4e:5ce7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

5e853c5d103be686396cb811eacf0ac0b14e147b569d3a4ca49118412af69ea8

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1;mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bancprovnciabancinternet.org/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 28 Dec 2023 17:47:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'self'
x-content-type-options: nosniff
x-frame-options: DENY
Content-Type: application/javascript
permissions-policy: fullscreen=();microphone=();camera=();speaker=();
Connection: keep-alive
Content-Length: 120170
x-xss-protection: 1;mode=block

GET
H3 200 login-ef23bd4d.png
www.bancprovnciabancinternet.org/assets/ 70 KB
71 KB 1182ms
1181ms Image
image/png 2606:4700:3030::6815:1db7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bancprovnciabancinternet.org/assets/login-ef23bd4d.png
Requested by: Host: www.bancprovnciabancinternet.org
URL: https://www.bancprovnciabancinternet.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:1db7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef23bd4df94bc553e61e5ec91431691a0d342bfa73864765ca1d98eda71b24de

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bancprovnciabancinternet.org/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Thu, 28 Dec 2023 17:47:08 GMT
cf-cache-status: MISS
last-modified: Thu, 28 Dec 2023 16:20:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "11982-60d944a99f2d3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=So5nsuxvjUA5O9A4KkguEV6AxUQaHoBA000UL0bzerpGASwZoIQegHJ1SZOCZeuBYL8ceTfxWAjBu8TJPUVF6YJaN6CeZ15NIMfNv%2F5lRniCYY0Khimo0cOlcBReKoqRcEx5ab2SPN%2BTQcNZj7w4tVkeGeq5i2zQ1RM5uSR97w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 83cba06bda2e20b3-NRT
alt-svc: h3=":443"; ma=86400
content-length: 72066

GET
H3 200 EncodeSans-26f5e63f.ttf
www.bancprovnciabancinternet.org/assets/ 270 KB
271 KB 1159ms
1159ms Font
application/x-font-ttf 2606:4700:3030::6815:1db7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bancprovnciabancinternet.org/assets/EncodeSans-26f5e63f.ttf
Requested by: Host: www.bancprovnciabancinternet.org
URL: https://www.bancprovnciabancinternet.org/assets/index-d094905c.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:1db7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26f5e63f8ef42fe40b4bba8cadb51238a517263e0bafe10babfe3007daa98866

Request headers

Referer: https://www.bancprovnciabancinternet.org/assets/index-d094905c.css
Origin: https://www.bancprovnciabancinternet.org
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Thu, 28 Dec 2023 17:47:08 GMT
cf-cache-status: MISS
last-modified: Thu, 28 Dec 2023 16:20:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "4393c-60d944a4b17bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5o%2FSrkMjI0F%2FfLZLUkffbTEmoY887ai873bU2F2fJ74X9ZypxYgQEff0jxPTPQfyE7W2Uo1MCd01U96v%2B80RCiyA3AhpnFtpAITk9He%2FZByEZzNG4XKhZ%2B7Gq6FWi9EeQHXIkrJVMSpcaWx3zLoh%2FviNj2pIHRS1NVUoQ8MTWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-font-ttf
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 83cba06bda2f20b3-NRT
alt-svc: h3=":443"; ma=86400
content-length: 276796

OPTIONS
H/1.1 200 pageFeatures
imagenes.bancainternet.com.ar/requestserver/rest/v1/ 0
0 504ms
171ms Preflight 2600:1f18:18ef:ed10:f4f1:712c:2d4e:5ce7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://imagenes.bancainternet.com.ar/requestserver/rest/v1/pageFeatures?sessionId=x&clientId=5d39d9a0-e642-40ae-903f-cdb41f27a57f

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:18ef:ed10:f4f1:712c:2d4e:5ce7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1;mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.bancprovnciabancinternet.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Connection: keep-alive
Content-Length: 0
Date: Thu, 28 Dec 2023 17:47:11 GMT
access-control-allow-credentials: true
access-control-allow-headers: x-requested-with, content-type
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: https://www.bancprovnciabancinternet.org
access-control-max-age: 3600
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-security-policy: script-src 'self'
permissions-policy: fullscreen=();microphone=();camera=();speaker=();
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block

POST
H/1.1 200 pageFeatures Show response
imagenes.bancainternet.com.ar/requestserver/rest/v1/ 81 B
1 KB 173ms
172ms XHR
application/json 2600:1f18:18ef:ed10:f4f1:712c:2d4e:5ce7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://imagenes.bancainternet.com.ar/requestserver/rest/v1/pageFeatures?sessionId=x&clientId=5d39d9a0-e642-40ae-903f-cdb41f27a57f

Requested by

Host: imagenes.bancainternet.com.ar
URL: https://imagenes.bancainternet.com.ar/scriptdealer/script/v1/ho8y2i/login.js?clientId=5d39d9a0-e642-40ae-903f-cdb41f27a57f&websiteId=1856

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:18ef:ed10:f4f1:712c:2d4e:5ce7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

9b0e8ee6c403918d0a2fdfbdcf8c12d083d9b1e363b94fa455a1143ac459019c

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1;mode=block

Request headers

Referer: https://www.bancprovnciabancinternet.org/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: application/json

Response headers

Date: Thu, 28 Dec 2023 17:47:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'self'
Transfer-Encoding: chunked
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Connection: keep-alive
x-xss-protection: 1;mode=block
referrer-policy: no-referrer-when-downgrade
access-control-max-age: 3600
access-control-allow-methods: POST, OPTIONS
Content-Type: application/json
access-control-allow-origin: https://www.bancprovnciabancinternet.org
x-frame-options: DENY
access-control-allow-credentials: true
permissions-policy: fullscreen=();microphone=();camera=();speaker=();
access-control-allow-headers: x-requested-with, content-type

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco de la Provincia de Buenos Aires (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			imagenes.bancainternet.com.ar/requestserver/rest/v1	1970-01-20 17:16:27	Name: herok Value: 2886860804YH3s7DrML1j9LXGO2W8bTv8ie3STXH
			imagenes.bancainternet.com.ar/requestserver/rest/v1	1969-12-31 23:59:59	Name: kirby Value: 2886860804YH3s7DrML1j9LXGO2W8bTv8ie3STXH

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.redlink.com.ar
code.jquery.com
imagenes.bancainternet.com.ar
www.bancoprovincia.com.ar
www.bancprovnciabancinternet.org
181.191.186.30
2600:1f18:18ef:ed10:f4f1:712c:2d4e:5ce7
2606:4700:3030::6815:1db7
2a04:4e42:400::649
45.233.68.25
26f5e63f8ef42fe40b4bba8cadb51238a517263e0bafe10babfe3007daa98866
29f0357e7bb59f7efefb9bd0376c93e7f99e36cbf538e3888039d63e7738812a
5e853c5d103be686396cb811eacf0ac0b14e147b569d3a4ca49118412af69ea8
774185757f47228d9b59ce512424a72614e1ffb88e4bc0a9a38141a318021cf1
78a85aca2f0b110c29e0d2b137e09f0a1fb7a8e554b499f740d6744dc8962cfe
92ab91c157fd0fd33246869e8d877dc5c14d53dbfc25917a5b1b707c3afb97d3
9b0e8ee6c403918d0a2fdfbdcf8c12d083d9b1e363b94fa455a1143ac459019c
bd7f1be0f6563bb760345728beb5523d71117903c2693faf17a09e5a8929b418
eb65b4c8572a5ac8e7c47e2477cb7ade42e54cd591aee4514ab5b6db169a1b43
ef23bd4df94bc553e61e5ec91431691a0d342bfa73864765ca1d98eda71b24de
f70dd903525e05a9bc0cf115fcda8a25ebe5c4fce2969ec98837c4ced56942a6
fa21a24a3dd314c7c10965b72b14e6a9a18aec824677023d2e9d524f9ff1fba7
fa9b7c89ed5da54dea18f8d0365b084be007b1628755efc79fe03b639d0b1779

www.bancprovnciabancinternet.org Open in urlscan Pro 2606:4700:3030::6815:1db7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

93 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

1979 kBTransfer

6661 kBSize

2 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

2 Cookies

Indicators

www.bancprovnciabancinternet.org Open in urlscan Pro
2606:4700:3030::6815:1db7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

1979 kB
Transfer

6661 kB
Size

2
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!