hm.it.isf.staging.bnpparibas-pf.com
2a02:26f0:3500:991::1:a0b8
Malicious Activity!
Public Scan
Effective URL: https://hm.it.isf.staging.bnpparibas-pf.com/login.aspx
Submission: On October 05 via automatic, source certstream-suspicious — Scanned from IT
Summary
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on August 30th 2023. Valid for: 7 months.
This is the only time hm.it.isf.staging.bnpparibas-pf.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Findomestic (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 15 | 2a02:26f0:3500:991::1:a0b8 | 20940 (AKAMAI-ASN1) |
14 | 1 | |
ASN20940 (AKAMAI-ASN1, NL)
hm.it.isf.staging.bnpparibas-pf.com |
 | Apex Domain Subdomains | Transfer |
---|---|---|
15 | bnpparibas-pf.com 1 redirects hm.it.isf.staging.bnpparibas-pf.com | 256 KB |
14 | 1 | |
 | Domain | Requested by |
---|---|---|
15 | hm.it.isf.staging.bnpparibas-pf.com | 1 redirects hm.it.isf.staging.bnpparibas-pf.com |
14 | 1 | |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
bnp11s.bnpparibas.com DigiCert TLS RSA SHA256 2020 CA1 | 2023-08-30 - 2024-03-23 | 7 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://hm.it.isf.staging.bnpparibas-pf.com/login.aspx
Frame ID: 1F9558EA5FC2D3511B34957EEB54C49E
Requests: 14 HTTP requests in this frame
Page Title
CStock - iStockFinancing
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Microsoft ASP.NET (Web Frameworks)
Detected patterns
- \.aspx?(?:$|\?)
- <input[^>]+name="__VIEWSTATE
Select2 (JavaScript Libraries)
Detected patterns
- select2(?:\.min|\.full)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://hm.it.isf.staging.bnpparibas-pf.com/
HTTP 302
https://hm.it.isf.staging.bnpparibas-pf.com/login.aspx Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | login.aspx (Primary Request, Redirect Chain) | hm.it.isf.staging.bnpparibas-pf.com/ | 22 KB | 14 KB | Document | text/html |
GET H/1.1 | select2.min.css | hm.it.isf.staging.bnpparibas-pf.com//masterpagepriv/includes/scripts/ | 15 KB | 3 KB | Stylesheet | text/css |
GET H/1.1 | bootstrap.min.css | hm.it.isf.staging.bnpparibas-pf.com//masterpagepriv/includes/scripts/ | 156 KB | 35 KB | Stylesheet | text/css |
GET H/1.1 | general.css | hm.it.isf.staging.bnpparibas-pf.com//masterpagepriv/includes/css/ | 30 KB | 10 KB | Stylesheet | text/css |
GET H/1.1 | jquery-3.7.0.min.js | hm.it.isf.staging.bnpparibas-pf.com/scripts/ | 85 KB | 41 KB | Script | application/javascript |
GET H/1.1 | bootstrap.min.js | hm.it.isf.staging.bnpparibas-pf.com/masterpagepriv/includes/scripts/ | 59 KB | 21 KB | Script | application/javascript |
GET H/1.1 | popper.min.js | hm.it.isf.staging.bnpparibas-pf.com/masterpagepriv/includes/scripts/ | 19 KB | 9 KB | Script | application/javascript |
GET H/1.1 | select2.min.js | hm.it.isf.staging.bnpparibas-pf.com/masterpagepriv/includes/scripts/ | 69 KB | 26 KB | Script | application/javascript |
GET H/1.1 | func.js | hm.it.isf.staging.bnpparibas-pf.com/masterpagepriv/includes/scripts/ | 5 KB | 2 KB | Script | application/javascript |
GET H/1.1 | IT.png | hm.it.isf.staging.bnpparibas-pf.com/masterpagepriv/includes/img/logo/ | 18 KB | 18 KB | Image | image/png |
GET H/1.1 | istock-logo.png | hm.it.isf.staging.bnpparibas-pf.com/masterpagepriv/includes/img/ | 4 KB | 4 KB | Image | image/png |
GET H/1.1 | niceScroll.js | hm.it.isf.staging.bnpparibas-pf.com/masterpagepriv/includes/scripts/ | 68 KB | 24 KB | Script | application/javascript |
GET H/1.1 | wave.svg | hm.it.isf.staging.bnpparibas-pf.com//masterpagepriv/includes/img/ | 474 B | 1 KB | Image | image/svg+xml |
GET H/1.1 | MaterialIcons-Regular.woff2 | hm.it.isf.staging.bnpparibas-pf.com//masterpagepriv/includes/fonts/ | 43 KB | 44 KB | Font | application/font-woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Findomestic (Banking)
21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| theForm
- function| __doPostBack
- function| $
- function| jQuery
- object| bootstrap
- function| Popper
- function| checkMediaQuerys
- function| checkStaticBtn
- function| isScrolledIntoView
- function| SideBarScroll
- undefined| MsgBoxTipoMensaje
- undefined| MsgBoxTextoMensaje
- function| MsgBoxMostrarMensaje
- object| NiceScroll
- function| descargarConcesionario
- function| descargarImportador
- number| width
- number| height
- function| idioma
- function| ocultardiv
- string| navBreadcrumDisplay
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
hm.it.isf.staging.bnpparibas-pf.com/ | | Name: BIGipServer~PERSONAL_FINANCE~AP19494_hm_it_isf_staging_b_http_tcp_443~P_hm_it_isf_staging_b__http_443 Value: 435613962.53545.0000 |
hm.it.isf.staging.bnpparibas-pf.com/ | | Name: TS01e3d08d Value: 0165810bf63cdf03afc96100965a87f6b5fa16d3193c7fd2dc42c191656bf98801a61102c980d528442efd599aa2de9a379a13c841 |
hm.it.isf.staging.bnpparibas-pf.com/ | | Name: ASP.NET_SessionId Value: |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' 'unsafe-inline' 'unsafe-eval' |
Strict-Transport-Security | max-age=15552000; includeSubDomains |
X-Content-Type-Options | nosniff nosniff |
X-Frame-Options | SAMEORIGIN |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.