fshrf.za.com
119.18.55.244
Malicious Activity!
Public Scan
Submission: On June 07 via manual from PL — Scanned from PL
Summary
TLS certificate: Issued by R3 on June 5th 2023. Valid for: 3 months.
This is the only time fshrf.za.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
2 | 119.18.55.244 | 394695 (PUBLIC-DOMAIN-REGISTRY) |
14 | 195.35.80.80 | 15993 (BG BNP Paribas Spolka Akcyjna) |
2 (1 redirect) | 195.54.48.25 | 12516 (WEBORAMA Weborama provides Internet Services) |
29 | 4 | |
ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: 119-18-55-244.webhostbox.net
fshrf.za.com
ASN15993 (BG BNP Paribas Spolka Akcyjna, PL)
PTR: login.bnpparibas.pl
login.bnpparibas.pl
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
14 | bnpparibas.pl | login.bnpparibas.pl | 963 KB |
2 (1 redirects) | weborama.fr | bnpparibaspolska.solution.weborama.fr | 1 KB |
2 | za.com | fshrf.za.com | 86 KB |
29 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
14 | login.bnpparibas.pl | fshrf.za.com, login.bnpparibas.pl |
2 (1 redirects) | bnpparibaspolska.solution.weborama.fr | fshrf.za.com |
2 | fshrf.za.com | fshrf.za.com |
29 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.bnpparibas.pl |
Subject | Issuer | Validity | Valid |
---|---|---|---|
fshrf.za.com | R3 | 2023-06-05 - 2023-09-03 | 3 months |
login.bnpparibas.pl | DigiCert EV RSA CA G2 | 2023-03-22 - 2024-03-28 | a year |
This page contains 1 frames:
Primary Page:
https://fshrf.za.com/bnp/goAAAANSUhEUgAAAiUAAAGnCAYAAAB/prelogonAuthentication/logon/bnp.php
Frame ID: C9A8B493F39A83E31AD4C02E073F3831
Requests: 29 HTTP requests in this frame
Page Title
GOonline - BNP Paribas Bank Polska S.A.
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
- Title: Strona główna banku
- Title: Dowiedz się więcej
- Title: Pierwsze logowanie
- Title: Pierwsze kroki
- Title: Do pobrania
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 19
- https://bnpparibaspolska.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=450710&WRP_PFL=%7C%7C%7C%7C&BI1=&BI2=&BI3=&BI4=&BI5=&WRP_SECTION=IDENT&WRP_SUBSECTION=LOGIN&WRP_CONTENT=&WRP_CHANNEL=&ver=2&da2=1686128116&ta=1600x1200&co=24&ref= HTTP 302
- https://bnpparibaspolska.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=450710&WRP_PFL=%7C%7C%7C%7C&BI1=&BI2=&BI3=&BI4=&BI5=&WRP_SECTION=IDENT&WRP_SUBSECTION=LOGIN&WRP_CONTENT=&WRP_CHANNEL=&ver=2&da2=1686128116&ta=1600x1200&co=24&ref=&BOUNCE=OK
29 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | bnp.php (Primary Request) | fshrf.za.com/bnp/goAAAANSUhEUgAAAiUAAAGnCAYAAAB/prelogonAuthentication/logon/ | 64 KB | 64 KB | Document | text/html |
GET | H/1.1 | generated.css | login.bnpparibas.pl/static/css/ | 37 KB | 38 KB | Stylesheet | text/css |
GET | H/1.1 | jquery-3.6.0.min.js | login.bnpparibas.pl/static/js/ | 87 KB | 88 KB | Script | application/javascript |
GET | H/1.1 | redesign.js | login.bnpparibas.pl/static/js/ | 5 KB | 6 KB | Script | application/javascript |
GET | H/1.1 | sso_utils.js | login.bnpparibas.pl/static/js/ | 179 B | 952 B | Script | application/javascript |
GET | H/1.1 | wreport.js | login.bnpparibas.pl/static/js/ | 11 KB | 11 KB | Script | application/javascript |
GET | H/1.1 | logo-bnp.f73d8ff8.svg | fshrf.za.com/bnp/goAAAANSUhEUgAAAiUAAAGnCAYAAAB/prelogonAuthentication/logon/bnp_files/ | 22 KB | 22 KB | Image | image/svg+xml |
GET | H/1.1 | pl.svg | login.bnpparibas.pl/static/img/ | 694 B | 1 KB | Image | image/svg+xml |
GET | H/1.1 | en.svg | login.bnpparibas.pl/static/img/ | 2 KB | 3 KB | Image | image/svg+xml |
GET | H/1.1 | keyboard.d1d4add7.svg | login.bnpparibas.pl/static/media/ | 4 KB | 4 KB | Image | image/svg+xml |
GET | H/1.1 | keyboard_visible.1b9d5c0f.svg | login.bnpparibas.pl/static/media/ | 3 KB | 4 KB | Image | image/svg+xml |
GET | H/1.1 | bg.jpg | login.bnpparibas.pl/static/img/ | 396 KB | 396 KB | Image | image/jpeg |
GET | | BNPPSans.09f90b37.woff2 | login.bnpparibas.pl/static/media/ | 0 | 0 | | |
GET | | bnp-icon.2d1afd76.woff2 | login.bnpparibas.pl/static/media/ | 0 | 0 | | |
GET | | BNPPSans-Bold.7ae86142.woff2 | login.bnpparibas.pl/static/media/ | 0 | 0 | | |
GET | | BNPPSans-Light.ba2746e1.woff2 | login.bnpparibas.pl/static/media/ | 0 | 0 | | |
GET | H/1.1 | 1_image_1600.png | login.bnpparibas.pl/static/banners/pl/ | 133 KB | 134 KB | Image | image/png |
GET | H/1.1 | 2_image_1600.png | login.bnpparibas.pl/static/banners/pl/ | 79 KB | 80 KB | Image | image/png |
GET | H/1.1 | 3_image_1600.png | login.bnpparibas.pl/static/banners/pl/ | 98 KB | 99 KB | Image | image/png |
GET | H/1.1 | bnp_e-podpisy_620x130.png | login.bnpparibas.pl/static/banners/pl/ | 98 KB | 98 KB | Image | image/png |
GET | H/1.1 | comptage_wreport.fcgi (Redirect Chain) | bnpparibaspolska.solution.weborama.fr/fcgi-bin/ | 67 B | 719 B | Image | image/gif |
GET | | BNPPSans.faa11312.woff | login.bnpparibas.pl/static/media/ | 0 | 0 | | |
GET | | bnp-icon.70d0b45f.woff | login.bnpparibas.pl/static/media/ | 0 | 0 | | |
GET | | BNPPSans-Bold.1799b4a8.woff | login.bnpparibas.pl/static/media/ | 0 | 0 | | |
GET | | BNPPSans-Light.7be5efd6.woff | login.bnpparibas.pl/static/media/ | 0 | 0 | | |
GET | | BNPPSans.9569fa48.ttf | login.bnpparibas.pl/static/media/ | 0 | 0 | | |
GET | | bnp-icon.bd78205d.ttf | login.bnpparibas.pl/static/media/ | 0 | 0 | | |
GET | | BNPPSans-Bold.36ee7ed2.ttf | login.bnpparibas.pl/static/media/ | 0 | 0 | | |
GET | | BNPPSans-Light.25cbe3ba.ttf | login.bnpparibas.pl/static/media/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
login.bnpparibas.pl | https://login.bnpparibas.pl/static/media/BNPPSans.09f90b37.woff2 |
login.bnpparibas.pl | https://login.bnpparibas.pl/static/media/bnp-icon.2d1afd76.woff2 |
login.bnpparibas.pl | https://login.bnpparibas.pl/static/media/BNPPSans-Bold.7ae86142.woff2 |
login.bnpparibas.pl | https://login.bnpparibas.pl/static/media/BNPPSans-Light.ba2746e1.woff2 |
login.bnpparibas.pl | https://login.bnpparibas.pl/static/media/BNPPSans.faa11312.woff |
login.bnpparibas.pl | https://login.bnpparibas.pl/static/media/bnp-icon.70d0b45f.woff |
login.bnpparibas.pl | https://login.bnpparibas.pl/static/media/BNPPSans-Bold.1799b4a8.woff |
login.bnpparibas.pl | https://login.bnpparibas.pl/static/media/BNPPSans-Light.7be5efd6.woff |
login.bnpparibas.pl | https://login.bnpparibas.pl/static/media/BNPPSans.9569fa48.ttf |
login.bnpparibas.pl | https://login.bnpparibas.pl/static/media/bnp-icon.bd78205d.ttf |
login.bnpparibas.pl | https://login.bnpparibas.pl/static/media/BNPPSans-Bold.36ee7ed2.ttf |
login.bnpparibas.pl | https://login.bnpparibas.pl/static/media/BNPPSans-Light.25cbe3ba.ttf |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNP Paribas (Banking)
96 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery function| changeLang function| isIE function| handlePasswordInputFocus boolean| maskedFormErrorListenersSet function| setMaskedFormError function| setInputFieldError function| enhanceInputField function| enhanceInputMaskedField function| setKeyPageError function| showKeyPageLoader function| hideKeyPageLoader function| showLoader function| hideLoader boolean| submitStarted function| checkSubmit boolean| bCancel function| validateLoginAliasForm function| LoginAliasForm_required function| LoginAliasForm_maxlength function| LoginAliasForm_mask function| validateRequired function| validateMaxLength function| validateMask function| matchPattern function| trim function| init function| submitForm string| _HOST_HTTP_ string| _HOST_SSL_ number| _NB_MAX_CONTENU_ number| _TAILLE_MAX_CONTENU_ number| _TAILLE_MAX_CHAINE_ number| _TAILLE_MAX_ALPHANUM_ number| WEBO_ID_GROUPE string| COOKIE_SEGMENTATION function| wreport_counter function| generate_url function| count function| add_channel function| add_group function| add_content function| profiling_cookie_mode function| add_profile function| add_profiles function| delete_profiles function| get_profiles function| encode_en_lettre function| traite_chaine function| convertir function| traduction function| unicite_espace function| wf_uaO number| _NB_MAX_EXTEND_PARAMETERS number| _TAILLE_MAX_EXTEND_PARAMETER_ function| add_extend_parameters function| add_extend_parameter function| clean_extend_parameter function| get_extend_parameters function| getCookieVal function| GetCookie function| SetCookie function| wreport function| wreport_groupe function| wreport_click function| wreport_click_groupe function| Weborama object| weboramaObjects function| sendWeboramaReport number| wreport_ok object| slider function| sliderSetSlide function| sliderRestartAutoSet function| sliderOnClick object| keyboard string| keyboardVisibleClassName string| 
keyboardModeActiveClassName undefined| keyboardActiveInput undefined| keyboardVariant string| keyboardFullMode boolean| keyboardIsMasked function| showKeyboard function| hideKeyboard function| keyboardSetMode function| keyboardChangeActiveInput function| keyboardOnCharClick function| _keyboardOnCharClick function| keyboardOnDelete function| keyboardOnShift function| keyboardOnCapsLock function| initKeyboard object| weborama
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
login.bnpparibas.pl/ | | Name: ian_ua_id Value: UJOExCaCbARTjj2W6BwePvCeFrsX2sr |
.weborama.fr/ | | Name: AFFICHE_W Value: 42GvCJl6ZnTj80 |
.weborama.fr/ | | Name: wbo_temps_reel Value: NDUwNzEw |
24 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.